Windows Analysis Report
Setup.exe

Overview

General Information

Sample name: Setup.exe
Analysis ID: 1525890
MD5: a496dae5f3d0664308aa6a8284ebed86
SHA1: 7aedb3b07f3de8793263d3c58f930379d5d7f2fd
SHA256: 1934cc0f8bd680d20eed2e2a88015319d27e31bf3f743d8fbda883ac3b07ae0d

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 35
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Creates multiple autostart registry keys
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Setup.exe (PID: 7480 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: A496DAE5F3D0664308AA6A8284EBED86)
    • chrome.exe (PID: 7656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa.1091x&nocache=20241004100016.659&_fcid=1728048003008516 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1976,i,400288646878977216,18295332373340912217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 --field-trial-handle=1976,i,400288646878977216,18295332373340912217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 5012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1976,i,400288646878977216,18295332373340912217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • nsr7B99.tmp (PID: 9108 cmdline: "C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force MD5: 7D864ECA0B76FBC20223DFA8A0CBD588)
      • PcAppStore.exe (PID: 8400 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default MD5: B9769675AB9AA29B4D54C8140A1E218E)
        • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • Watchdog.exe (PID: 8408 cmdline: "C:\Users\user\PCAppStore\Watchdog.exe" /guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0 /rid=20241004100207.8525974062 /ver=fa.1091x MD5: C8C3AC12EF71E9CE0C7911250B85154C)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\PCAppStore\PCAppStore.exe" /init default, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, ProcessId: 9108, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore
No Suricata rule has matched

AV Detection

Source: C:\Users\user\PCAppStore\Uninstaller.exe, ReversingLabs: Detection: 25%
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\Uninstaller.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\Watchdog.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\nwjs\NW_store.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\PcAppStore.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\AutoUpdater.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\nwjs\notification_helper.exe
Source: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x, HTTP Parser: No favicon

Compliance

Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\Uninstaller.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\Watchdog.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\nwjs\NW_store.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\PcAppStore.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\AutoUpdater.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, EXE: C:\Users\user\PCAppStore\nwjs\notification_helper.exe
Source: Setup.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, File created: C:\Users\user\PCAppStore\ui\static\js\2.801b9d83.chunk.js.LICENSE.txt
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, File created: C:\Users\user\PCAppStore\ReadMe.txt
Source: Setup.exe, Static PE information: certificate valid
Source: unknown, HTTPS traffic detected: 207.246.91.177:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 207.211.211.27:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49796 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.85.23.206:443 -> 192.168.2.4:63056 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:63058 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:63061 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:63062 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:63067 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.32.1.23:443 -> 192.168.2.4:63276 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.32.1.23:443 -> 192.168.2.4:63370 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 45.32.1.23:443 -> 192.168.2.4:63373 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.173.205.111:443 -> 192.168.2.4:63372 version: TLS 1.2
Source: Setup.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: Setup.exe, 00000000.00000002.2581156480.000000000040A000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Build\Build_1091x_D20240904T085718\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_1091x_D20240904T085718\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000D.00000000.2964054733.00007FF74EE0A000.00000002.00000001.01000000.00000015.sdmp, Watchdog.exe, 0000000D.00000002.3062518813.00007FF74EE0A000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Build\Build_1091x_D20240904T085718\fa_rss\AppStoreUpdater\Release\auto_updater.pdb1 source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_1091x_D20240904T085718\fa_rss\engine\Release\PCAppStore.pdb source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp
Source: C:\Users\user\Desktop\Setup.exe, Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\Setup.exe, Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\Setup.exe, Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, Code function: 11_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,11_2_00405D74
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, Code function: 11_2_0040699E FindFirstFileW,FindClose,11_2_0040699E
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, Code function: 11_2_0040290B FindFirstFileW,11_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exe, Code function: 12_2_00007FF751C2D224 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,12_2_00007FF751C2D224
Source: C:\Users\user\PCAppStore\PcAppStore.exe, Code function: 12_2_00007FF751C2D174 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,12_2_00007FF751C2D174
Source: C:\Users\user\PCAppStore\Watchdog.exe, Code function: 13_2_00007FF74EDF1690 FindClose,FindFirstFileExW,GetLastError,13_2_00007FF74EDF1690
Source: C:\Users\user\PCAppStore\Watchdog.exe, Code function: 13_2_00007FF74EDF1704 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,13_2_00007FF74EDF1704
Source: C:\Users\user\PCAppStore\Watchdog.exe, Code function: 13_2_00007FF74EE002E0 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,13_2_00007FF74EE002E0
Source: global traffic, TCP traffic: 192.168.2.4:63055 -> 162.159.36.2:53
Source: Joe Sandbox View, IP Address: 104.248.126.225
Source: Joe Sandbox View, IP Address: 195.181.170.18
Source: Joe Sandbox View, IP Address: 239.255.255.250
Source: Joe Sandbox View, IP Address: 207.211.211.27
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown, TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown, TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown, TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown, TCP traffic detected without corresponding DNS query: 13.85.23.206
Source: unknown, TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp, Code function: 11_2_6FB5332C lstrcmpiW,lstrcmpiW,InternetOpenW,GlobalAlloc,lstrcmpiW,GetLastError,lstrlenW,lstrlenW,GlobalAlloc,GlobalAlloc,InternetCrackUrlW,InternetConnectW,lstrcpyW,lstrcpyW,InternetSetOptionW,lstrlenW,InternetSetOptionW,lstrlenW,InternetSetOptionW,InternetSetOptionW,lstrlenW,InternetSetOptionW,lstrlenW,InternetSetOptionW,InternetSetOptionW,InternetSetOptionW,InternetSetOptionW,HttpOpenRequestW,HttpAddRequestHeadersW,HttpAddRequestHeadersW,lstrcmpiW,HttpAddRequestHeadersW,lstrlenW,lstrlenW,GlobalAlloc,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,HttpAddRequestHeadersW,GlobalFree,GetLastError,lstrcmpiW,lstrlenW,HttpSendRequestW,GetLastError,lstrlenW,HttpSendRequestW,GetLastError,GlobalFree,GlobalFree,HttpSendRequestW,GetLastError,InternetQueryDataAvailable,GlobalAlloc,InternetReadFile,GetLastError,GlobalFree,GetLastError,HttpQueryInfoW,GetLastError,GlobalAlloc,HttpQueryInfoW,GlobalFree,InternetCloseHandle,GetLastError,InternetCloseHandle,GetLastError,GetLastError,GlobalFree,GlobalFree,GlobalFree,GlobalFree,InternetCloseHandle,GetLastError,11_2_6FB5332C
Source: global traffic, HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=show_page&p=wel&_fcid=1728048003008516 HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: pcapp.store Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=show_page&p=installing&_fcid=1728048003008516 HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: pcapp.store Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=start&permision=&_fcid=1728048003008516 HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: pcapp.store Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=download_start&_fcid=1728048003008516 HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: pcapp.store Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa.1091x&nocache=20241004100016.659&_fcid=1728048003008516 HTTP/1.1 Host: pcapp.store Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /download.php?&src=mini_installer&file=1&mini_ver=fa.1091x HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: delivery.pcapp.store Connection: Keep-Alive Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x HTTP/1.1Host: pcapp.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1709636059406 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091xAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091xAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /src/main.js HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091xAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1709636059406 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091xAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1709636059406Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1728048003008516
Source: global trafficHTTP traffic detected: GET /src/main.js HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1728048003008516
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1709636059406 HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1728048003008516
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1728048003008516
Source: global trafficHTTP traffic detected: GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1Host: repository.pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1728048003008516
Source: global trafficHTTP traffic detected: GET /td/rul/858128210?random=1728050423031&cv=11&fst=1728050423031&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic
HTTP traffic detected: GET /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global trafficHTTP traffic detected: GET /api/api.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=download_done&result=12345678-1234-5678-90AB-CDDEEFAABBCC&_fcid=1728048003008516 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=done&_fcid=1728048003008516 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_installer&evt_action=internal&prev_v=fa.1091x HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_installer&evt_action=start&permision= HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_installer&evt_action=installing&e=03000200-0400-0500-0006-000700080009&u=66 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_installer&evt_action=localmac&addon[]=EC-F4-BB-EA-15-88 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&inst_parent=&evt_src=fa_installer&evt_action=done HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_product&evt_action=channel&id=-3&eng_time=1728056206325&nocache=5974703 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
Source: global traffic
HTTP traffic detected: GET /p.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=watch_dog&evt_action=signal_event&data={"counter":0,"rid":"20241004100207.8525974062","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1728056325&nocache=10553 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: d74queuslupub.cloudfront.net
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: GET /p.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=watch_dog&evt_action=signal_event&data={"counter":1,"rid":"20241004100207.8525974062","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1728059084&nocache=15059 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: d74queuslupub.cloudfront.net
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: GET /p.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=watch_dog&evt_action=signal_event&data={"counter":2,"rid":"20241004100207.8525974062","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1728061363&nocache=18785 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: d74queuslupub.cloudfront.net
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: GET /p.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=watch_dog&evt_action=signal_event&data={"counter":3,"rid":"20241004100207.8525974062","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1728063402&nocache=22116 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: d74queuslupub.cloudfront.net
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: GET /p.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=watch_dog&evt_action=signal_event&data={"counter":4,"rid":"20241004100207.8525974062","isPCAppRunning":1,"isNWStoreRunning":0,"registryInfo":{"pcAppInAutostart":1},"filesystemInfo":{"uiFolderExists":1,"uiFilesCount":55,"nwjsFolderExists":1,"nwjsFilesCount":132,"AutoUpdaterExeExists":1,"PcAppStoreExeExists":1,"pcappstoreIcoExists":1,"UninstallerExeExists":1,"NW_storeExeExists":1,"startupFolderLnkExists":1}}&eng_time=1728065320&nocache=25251 HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: d74queuslupub.cloudfront.net
Connection: Keep-Alive
Source: global traffic
DNS traffic detected: DNS query: pcapp.store
Source: global traffic
DNS traffic detected: DNS query: delivery.pcapp.store
Source: global traffic
DNS traffic detected: DNS query: repository.pcapp.store
Source: global traffic
DNS traffic detected: DNS query: google.com
Source: global traffic
DNS traffic detected: DNS query: www.google.com
Source: global traffic
DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic
DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic
DNS traffic detected: DNS query: analytics.google.com
Source: global traffic
DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic
DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic
DNS traffic detected: DNS query: 197.87.175.4.in-addr.arpa
Source: global traffic
DNS traffic detected: DNS query: d74queuslupub.cloudfront.net
Source: unknown
HTTP traffic detected: POST /inst_cpg.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&version=fa.1091x&src=pcapp_mini&uc=16le HTTP/1.1
Content-Type: application/json
User-Agent: NSIS_wininet
Host: pcapp.store
Content-Length: 2904
Cache-Control: no-cache
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 04 Oct 2024 14:00:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Source: Setup.exe, 00000000.00000002.2581156480.0000000000436000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=ersion=fa.1091x&src=pc
Source: Setup.exe, 00000000.00000002.2581590349.0000000000534000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2579490168.0000000000533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1091x
Source: Setup.exe, 00000000.00000002.2581590349.0000000000534000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2579490168.0000000000533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://delivery.pcapp.store/download.php?&src=mini_installer&file=1&mini_ver=fa.1091x#(
Source: node.dll.11.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: node.dll.11.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming
Source: node.dll.11.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: node.dll.11.drString found in binary or memory: https://dom.spec.whatwg.org/#interface-abortcontroller
Source: node.dll.11.drString found in binary or memory: https://dom.spec.whatwg.org/#interface-eventtarget
Source: node.dll.11.drString found in binary or memory: https://encoding.spec.whatwg.org
Source: node.dll.11.drString found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
Source: node.dll.11.drString found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-flush
Source: node.dll.11.drString found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: node.dll.11.drString found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: node.dll.11.drString found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://ev.pcapp.store/p.gifbhistdata=ev.pcapp.store/p.gifbhistproductmain=%d&offer=%d&start_menu=%d
Source: explorer.exe, 0000000E.00000000.3030957464.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3122793853.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#concept-header-list-append
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#concept-header-list-delete
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#concept-header-list-get
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#concept-header-list-set
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#concept-header-list-sort-and-combine
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#concept-request-mode
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#dom-headers-append
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#dom-headers-delete
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#dom-headers-get
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#dom-headers-getsetcookie
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#dom-headers-has
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#dom-headers-set
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#dom-request
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#dom-response
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#dom-response-json
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#fetch-controller-abort
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#fetch-timing-info
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#header-list-contains
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#http-whitespace
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#requestcache
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#requestcredentials
Source: node.dll.11.drString found in binary or memory: https://fetch.spec.whatwg.org/#requestredirect
Source: node.dll.11.drString found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: node.dll.11.drString found in binary or memory: https://github.com/WICG/scheduling-apis
Source: node.dll.11.drString found in binary or memory: https://github.com/WebAssembly/esm-integration/issues/42
Source: node.dll.11.drString found in binary or memory: https://github.com/acornjs/acorn.git
Source: node.dll.11.drString found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: node.dll.11.drString found in binary or memory: https://github.com/acornjs/acorn/issues
Source: node.dll.11.drString found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: node.dll.11.drString found in binary or memory: https://github.com/addaleax/eventemitter-asyncresource
Source: node.dll.11.drString found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: node.dll.11.drString found in binary or memory: https://github.com/chalk/supports-color
Source: node.dll.11.drString found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: node.dll.11.drString found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: node.dll.11.drString found in binary or memory: https://github.com/denoland/deno
Source: node.dll.11.drString found in binary or memory: https://github.com/denoland/deno/blob/main/LICENSE.md.
Source: node.dll.11.drString found in binary or memory: https://github.com/denoland/deno/blob/v1.29.1/ext/crypto/00_crypto.js#L195
Source: node.dll.11.drString found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: node.dll.11.drString found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: node.dll.11.drString found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: node.dll.11.drString found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: node.dll.11.drString found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: node.dll.11.drString found in binary or memory: https://github.com/isaacs/color-support.
Source: node.dll.11.drString found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: node.dll.11.drString found in binary or memory: https://github.com/jsdom/webidl-conversions
Source: node.dll.11.drString found in binary or memory: https://github.com/jsdom/webidl-conversions/blob/master/LICENSE.md.
Source: node.dll.11.drString found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: node.dll.11.drString found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: node.dll.11.drString found in binary or memory: https://github.com/mafintosh/pump
Source: node.dll.11.drString found in binary or memory: https://github.com/mozilla/sweet.js/wiki/design
Source: node.dll.11.drString found in binary or memory: https://github.com/mysticatea/abort-controller
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/blob/b27ae24dcc4251bad726d9d84baf678d1f707fed/lib/internal/structured
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/34532
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/issues/45699
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/32887
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/43714
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/44004#discussion_r930958420
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/46161
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/46528
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/node/pull/49730#discussion_r1331720053
Source: node.dll.11.drString found in binary or memory: https://github.com/nodejs/undici/issues/2021
Source: node.dll.11.drString found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: node.dll.11.drString found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: node.dll.11.drString found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: node.dll.11.drString found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: node.dll.11.drString found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: node.dll.11.drString found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: node.dll.11.drString found in binary or memory: https://goo.gl/t5IS6M).
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.comlast_v=%ws&dl_lnk=%wsempty_instructionsno_internet_connectionendp
Source: node.dll.11.drString found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: node.dll.11.drString found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: node.dll.11.drString found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: node.dll.11.drString found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: node.dll.11.drString found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: node.dll.11.drString found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: node.dll.11.drString found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: node.dll.11.drString found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: node.dll.11.drString found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: node.dll.11.drString found in binary or memory: https://html.spec.whatwg.org/multipage/system-state.html#the-navigator-object
Source: node.dll.11.drString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: node.dll.11.drString found in binary or memory: https://html.spec.whatwg.org/multipage/web-messaging.html#broadcasting-to-other-browsing-contexts
Source: node.dll.11.drString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: node.dll.11.drString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope.
Source: explorer.exe, 0000000E.00000000.2992360703.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3075310275.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 0000000E.00000000.2992360703.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3075310275.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 0000000E.00000000.2992360703.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3075310275.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 0000000E.00000000.2992360703.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3075310275.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 0000000E.00000000.2992360703.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3075310275.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 0000000E.00000000.2992360703.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3075310275.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 0000000E.00000000.2992360703.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3075310275.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: node.dll.11.drString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: node.dll.11.drString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: node.dll.11.drString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: node.dll.11.drString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: node.dll.11.drString found in binary or memory: https://jimmy.warting.se/opensource
Source: node.dll.11.drString found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: Watchdog.exe, 0000000D.00000002.3059218606.000002B7C5CF7000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000D.00000003.3004378739.000002B7C5CF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: node.dll.11.drString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: node.dll.11.drString found in binary or memory: https://mimesniff.spec.whatwg.org/#mime-type-essence
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
Source: node.dll.11.drString found in binary or memory: https://no-color.org/
Source: node.dll.11.drString found in binary or memory: https://nodejs.org/
Source: node.dll.11.drString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: node.dll.11.drString found in binary or memory: https://nodejs.org/api/fs.html
Source: node.dll.11.drString found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: node.dll.11.drString found in binary or memory: https://nodejs.org/api/permissions.html#file-system-permissions
Source: node.dll.11.drString found in binary or memory: https://nodejs.org/download/release/v21.1.0/node-v21.1.0-headers.tar.gz
Source: node.dll.11.drString found in binary or memory: https://nodejs.org/download/release/v21.1.0/node-v21.1.0.tar.gz
Source: node.dll.11.drString found in binary or memory: https://nodejs.org/download/release/v21.1.0/node-v21.1.0.tar.gzhttps://nodejs.org/download/release/v
Source: node.dll.11.drString found in binary or memory: https://nodejs.org/download/release/v21.1.0/win-x64/node.lib
Source: explorer.exe, 0000000E.00000000.3030957464.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3122793853.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com_
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.com
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comGoogle
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comT
Source: Setup.exe, 00000000.00000003.2579490168.000000000058A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2579490168.0000000000533000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2950212760.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2950712354.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2937044105.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946930356.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2948528077.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949213295.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946548996.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946208487.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949851888.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2947774223.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949530293.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000002.3117371050.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2945826957.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000002.3120283595.000000000388D000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3058430450.0000028CE5AFC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/
Source: nsr7B99.tmp, 0000000B.00000003.2937044105.0000000000575000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2945826957.0000000000529000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/&
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/?p=lpd_appstore-faq
Source: nsr7B99.tmp, 0000000B.00000003.2937044105.0000000000529000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/LMEMHH
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://pcapp.store/account/login
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://pcapp.store/account/logintray_exit
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://pcapp.store/cpg_fa.php?guid=An
Source: PcAppStore.exeString found in binary or memory: https://pcapp.store/dl_cta_open.php?guid=%ws&oid=%lu&entryApp=%ws
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://pcapp.store/dl_cta_open.php?guid=%ws&oid=%lu&entryApp=%wsdl_startoid=%d&entry_app=%ws&source
Source: nsr7B99.tmp, 0000000B.00000003.2950212760.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2950712354.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2937044105.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946930356.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2948528077.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949213295.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946548996.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946208487.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949851888.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2947774223.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949530293.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000002.3117371050.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2945826957.0000000000529000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/f
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/fa_version.php?guid=%ws&end_v=%ws&nocache=%d
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/fa_version.php?guid=%ws&res=link&nocache=%d
Source: nsr7B99.tmp, 0000000B.00000002.3117371050.00000000004CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/inst_cpg.php?guid=&src=pcapp_full.
Source: Setup.exe, 00000000.00000003.2579490168.0000000000533000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/inst_cpg.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&ve
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 63106 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63179 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 63349 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 63211 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63063 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 63151 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63180 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63277 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63311 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63357 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63116 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63104 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63231 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63065 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63323 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63218 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63192 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63087 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63265 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 63345 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63370 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 63169 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63299 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63138 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63243 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63287 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63241 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63126 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63347 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63301 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63089 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63379 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63170 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63182 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63369 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63077 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63253 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63313 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63208 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63114 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63099 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63148 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63275 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63335 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63380 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63159 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63216 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63319 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63371
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63370
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63131
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63373
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63130
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63372
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63297 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63129
Source: unknownNetwork traffic detected: HTTP traffic on port 63251 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63122
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63364
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63121
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63363
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63124
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63366
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63123
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63365
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63126
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63368
Source: unknownNetwork traffic detected: HTTP traffic on port 63171 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63125
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63367
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63128
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63127
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63369
Source: unknownNetwork traffic detected: HTTP traffic on port 63263 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63380
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63140
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63382
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63381
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63142
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63384
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63141
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63383
Source: unknownNetwork traffic detected: HTTP traffic on port 63125 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63228 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63133
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63375
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63132
Source: unknownNetwork traffic detected: HTTP traffic on port 63079 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63354 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63374
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63135
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63377
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63134
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63376
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63137
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63379
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63136
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63378
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63139
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63138
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63151
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63150
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63153
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63152
Source: unknownNetwork traffic detected: HTTP traffic on port 63092 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63067 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63342 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63147 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63204 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63144
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63143
Source: unknownNetwork traffic detected: HTTP traffic on port 63378 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63146
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63145
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63148
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63147
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63149
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63160
Source: unknownNetwork traffic detected: HTTP traffic on port 63183 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63162
Source: unknownNetwork traffic detected: HTTP traffic on port 63320 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63161
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63164
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63163
Source: unknownNetwork traffic detected: HTTP traffic on port 63090 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63155
Source: unknownNetwork traffic detected: HTTP traffic on port 63113 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63154
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63157
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63156
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63159
Source: unknownNetwork traffic detected: HTTP traffic on port 63285 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63158
Source: unknownNetwork traffic detected: HTTP traffic on port 63069 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63344 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63161 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63328
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63327
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63329
Source: unknownNetwork traffic detected: HTTP traffic on port 63206 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63309 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63320
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63322
Source: unknownNetwork traffic detected: HTTP traffic on port 63376 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63321
Source: unknownNetwork traffic detected: HTTP traffic on port 63261 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63324
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63323
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63326
Source: unknownNetwork traffic detected: HTTP traffic on port 63135 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63325
Source: unknownNetwork traffic detected: HTTP traffic on port 63238 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63340
Source: unknownNetwork traffic detected: HTTP traffic on port 63273 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63339
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63338
Source: unknownNetwork traffic detected: HTTP traffic on port 63195 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63331
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63330
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63333
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63332
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63335
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63334
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63337
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63336
Source: unknownNetwork traffic detected: HTTP traffic on port 63157 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63351
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63350
Source: unknownNetwork traffic detected: HTTP traffic on port 63101 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63295 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63108
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63107
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63349
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63109
Source: unknownNetwork traffic detected: HTTP traffic on port 63057 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63332 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63100
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63342
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63341
Source: unknownNetwork traffic detected: HTTP traffic on port 63173 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63102
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63344
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63101
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63343
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63104
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63346
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63103
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63345
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63106
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63348
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63105
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63347
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63360
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63120
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63362
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63361
Source: unknownNetwork traffic detected: HTTP traffic on port 63366 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63123 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63119
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63118
Source: unknownNetwork traffic detected: HTTP traffic on port 63310 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63353
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63111
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63110
Source: unknownNetwork traffic detected: HTTP traffic on port 63080 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63352
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63113
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63355
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63112
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63354
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63115
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63357
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63114
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63356
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63117
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63116
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63358
Source: unknownNetwork traffic detected: HTTP traffic on port 63094 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63145 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63059 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63202 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63305 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63248 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63185 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63082 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63340 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63111 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63283 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63317 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63163 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63121 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63362 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63133 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63070 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63271 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63226 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63197 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63339 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63155 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63171
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63170
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63173
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63172
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63175
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63174
Source: unknownNetwork traffic detected: HTTP traffic on port 63329 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63293 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63258 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63166
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63165
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63168
Source: unknownNetwork traffic detected: HTTP traffic on port 63175 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63167
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63169
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63180
Source: unknownNetwork traffic detected: HTTP traffic on port 63072 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63182
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63181
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63184
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63183
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63186
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63185
Source: unknownNetwork traffic detected: HTTP traffic on port 63330 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63364 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63108 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63143 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63224 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63177
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63176
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63179
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63178
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63191
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63190
Source: unknownNetwork traffic detected: HTTP traffic on port 63214 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63193
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63192
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63195
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63194
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63197
Source: unknownNetwork traffic detected: HTTP traffic on port 63352 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63196
Source: unknownNetwork traffic detected: HTTP traffic on port 63199 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63060 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63307 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63188
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63187
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63189
Source: unknownNetwork traffic detected: HTTP traffic on port 63131 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63374 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63187 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63236 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63199
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63198
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63281 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63107 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63348 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63142 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63062 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63383 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63234 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63119 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63188 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63302 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63130 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63210 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63291 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63166 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63336 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63246 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63314 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63084 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63209 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63268 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63178 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63212 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63338 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63244 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63152 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63326 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63129 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63086 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63361 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63096 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63371 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63140 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63256 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63200 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63074 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63278 -> 443
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 12_2_00007FF751AAA0F0 GetSystemMetrics,GetAsyncKeyState,GetPhysicalCursorPos,WindowFromPoint,GetWindowThreadProcessId,WaitForMultipleObjects
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp Code function: 11_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: String function: 00007FF751A61730 appears 98 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: String function: 00007FF751A620A0 appears 611 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: String function: 00007FF751A7FD00 appears 58 times
Source: libGLESv2.dll.11.dr Static PE information: Number of sections : 12 > 10
Source: notification_helper.exe.11.dr Static PE information: Number of sections : 13 > 10
Source: ffmpeg.dll.11.dr Static PE information: Number of sections : 11 > 10
Source: nw.dll.11.dr Static PE information: Number of sections : 15 > 10
Source: NW_store.exe.11.dr Static PE information: Number of sections : 13 > 10
Source: nw_elf.dll.11.dr Static PE information: Number of sections : 14 > 10
Source: libEGL.dll.11.dr Static PE information: Number of sections : 12 > 10
Source: vk_swiftshader.dll.11.dr Static PE information: Number of sections : 11 > 10
Source: node.dll.11.dr Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.11.dr Static PE information: Number of sections : 11 > 10
Source: Setup.exe, 00000000.00000002.2581156480.000000000040A000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameinetc.dllF vs Setup.exe
Source: Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal42.evad.winEXE@26/249@33/19
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 12_2_00007FF751A75290 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\PCAppStore\Watchdog.exe Code function: 13_2_00007FF74EDEDB40 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,Concurrency::details::WorkQueue::IsStructuredEmpty,CloseHandle,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_004021AA CoCreateInstance
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 12_2_00007FF751B0D960 FindResourceW,LoadResource,LockResource,SizeofResource,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,GetLastError
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp File created: C:\Users\user\PCAppStore
Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\nse5AA2.tmp
Source: Setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT sql FROM%d UNION ALL SELECT shell_add_schema(sql,mainNULL,name) AS sql, type, tbl_name, name, rowid, AS snum, AS sname FROM .sqlite_schema UNION ALL SELECT shell_module_schema(name), 'table', name, name, name, 9e+99, 'main' FROM pragma_module_list) WHERE %Qlower(printf('%s.%s',sname,tbl_name))lower(tbl_name) GLOB LIKE ESCAPE '\' AND name NOT LIKE 'sqlite_%%' AND sql IS NOT NULL ORDER BY snum, rowidSQL: %s;
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');%s
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT max(length(key)) FROM temp.sqlite_parameters;
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: CREATE TABLE ColNames( cpos INTEGER PRIMARY KEY, name TEXT, nlen INT, chop INT, reps INT, suff TEXT);CREATE VIEW RepeatedNames AS SELECT DISTINCT t.name FROM ColNames t WHERE t.name COLLATE NOCASE IN ( SELECT o.name FROM ColNames o WHERE o.cpos<>t.cpos);
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT type,name,tbl_name,sql FROM sqlite_schema ORDER BY name;
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT key, quote(value) FROM temp.sqlite_parameters;
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT 'CREATE TEMP' || substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: INSERT INTO selftest(tno,op,cmd,ans) SELECT rowid*10,op,cmd,ans FROM [_shell$self];
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;Warning: cannot step "%s" backwardsSELECT name, sql FROM sqlite_schema WHERE %sError: (%d) %s on [%s]
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: INSERT INTO sqlite_schema(type,name,tbl_name,rootpage,sql)VALUES('table','%q','%q',0,'%q');
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT * FROM "%w" ORDER BY rowid DESC;
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT tbl,idx,stat FROM sqlite_stat1 ORDER BY tbl,idx;
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT 'EXPLAIN QUERY PLAN SELECT 1 FROM ' || quote(s.name) || ' WHERE ' || group_concat(quote(s.name) || '.' || quote(f.[from]) || '=?' || fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]),' AND '), 'SEARCH ' || s.name || ' USING COVERING INDEX*(' || group_concat('*=?', ' AND ') || ')', s.name || '(' || group_concat(f.[from], ', ') || ')', f.[table] || '(' || group_concat(COALESCE(f.[to], p.[name])) || ')', 'CREATE INDEX ' || quote(s.name ||'_'|| group_concat(f.[from], '_')) || ' ON ' || quote(s.name) || '(' || group_concat(quote(f.[from]) || fkey_collate_clause( f.[table], COALESCE(f.[to], p.[name]), s.name, f.[from]), ', ') || ');', f.[table] FROM sqlite_schema AS s, pragma_foreign_key_list(s.name) AS f LEFT JOIN pragma_table_info AS p ON (pk-1=seq AND p.arg=f.[table]) GROUP BY s.name, f.id ORDER BY (CASE WHEN ? THEN f.[table] ELSE s.name END)
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT 'CREATE TEMP' || substr(sql, 7) FROM sqlite_schema WHERE tbl_name = %Q AND type IN ('table', 'trigger') ORDER BY type;ALTER TABLE temp.%Q RENAME TO %QINSERT INTO %Q VALUES(, %s?)UPDATE %Q SET , %s%Q=?DELETE FROM %QSELECT type, name, sql, 1 FROM sqlite_schema WHERE type IN ('table','view') AND name NOT LIKE 'sqlite_%%' UNION ALL SELECT type, name, sql, 2 FROM sqlite_schema WHERE type = 'trigger' AND tbl_name IN(SELECT name FROM sqlite_schema WHERE type = 'view') ORDER BY 4, 1CREATE TABLE x(, %s%Q COLLATE %s)CREATE VIRTUAL TABLE %Q USING expert(%Q)SELECT max(i.seqno) FROM sqlite_schema AS s, pragma_index_list(s.name) AS l, pragma_index_info(l.name) AS i WHERE s.type = 'table', %sx.%Q IS rem(%d, x.%Q) COLLATE %s%s%dSELECT %s FROM %Q x ORDER BY %sSELECT %s FROM temp.t592690916721053953805701627921227776 x ORDER BY %s%d %dDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776CREATE TABLE temp.t592690916721053953805701627921227776 AS SELECT * FROM %QSELECT s.rowid, s.name, l.name FROM sqlite_schema AS s, pragma_index_list(s.name) AS l WHERE s.type = 'table'SELECT name, coll FROM pragma_index_xinfo(?) WHERE keyINSERT INTO sqlite_stat1 VALUES(?, ?, ?)ANALYZE; PRAGMA writable_schema=1remsampleDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776ANALYZE sqlite_schemaDROP TABLE IF EXISTS temp.t592690916721053953805701627921227776:memory::memory:SELECT sql FROM sqlite_schema WHERE name NOT LIKE 'sqlite_%%' AND sql NOT LIKE 'CREATE VIRTUAL %%'Cannot find a unique index name to propose. -- stat1: %s;%s%s
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: INSERT OR IGNORE INTO "%s" VALUES(?,?);Error %d: %s on [%s]
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963833027.00007FF751CDA000.00000008.00000001.01000000.00000014.sdmpBinary or memory string: SELECT name,seq FROM sqlite_sequence ORDER BY name;
Source: C:\Users\user\Desktop\Setup.exe File read: C:\Users\user\Desktop\Setup.exe
Source: unknown Process created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa.1091x&nocache=20241004100016.659&_fcid=1728048003008516
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1976,i,400288646878977216,18295332373340912217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 --field-trial-handle=1976,i,400288646878977216,18295332373340912217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1976,i,400288646878977216,18295332373340912217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp "C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp Process created: C:\Users\user\PCAppStore\Watchdog.exe "C:\Users\user\PCAppStore\Watchdog.exe" /guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0 /rid=20241004100207.8525974062 /ver=fa.1091x
Source: C:\Users\user\Desktop\Setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: uiamanager.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\PCAppStore\Watchdog.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cdprt.dllJump to behavior
Source: C:\Users\user\Desktop\Setup.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: PC App Store.lnk.11.dr; LNK file: ..\..\..\..\..\..\PCAppStore\PcAppStore.exe
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp; Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore
Source: Setup.exeStatic PE information: certificate valid
Source: Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: Setup.exe, 00000000.00000002.2581156480.000000000040A000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Build\Build_1091x_D20240904T085718\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_1091x_D20240904T085718\fa_rss\Watchdog\x64\Release\Watchdog.pdb source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000D.00000000.2964054733.00007FF74EE0A000.00000002.00000001.01000000.00000015.sdmp, Watchdog.exe, 0000000D.00000002.3062518813.00007FF74EE0A000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Build\Build_1091x_D20240904T085718\fa_rss\AppStoreUpdater\Release\auto_updater.pdb1 source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_1091x_D20240904T085718\fa_rss\engine\Release\PCAppStore.pdb source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpCode function: 11_2_6EFE1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,11_2_6EFE1BFF
Source: Setup.exeStatic PE information: real checksum: 0x21921 should be: 0x2bbb6
Source: libGLESv2.dll.11.drStatic PE information: real checksum: 0x0 should be: 0x7b9652
Source: notification_helper.exe.11.drStatic PE information: real checksum: 0x0 should be: 0x11edb8
Source: System.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x3d68
Source: Math.dll.11.drStatic PE information: real checksum: 0x0 should be: 0x155a8
Source: ffmpeg.dll.11.drStatic PE information: real checksum: 0x0 should be: 0x1f8136
Source: nsJSON.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x6718
Source: NW_store.exe.11.drStatic PE information: real checksum: 0x0 should be: 0x23ab08
Source: nw_elf.dll.11.drStatic PE information: real checksum: 0x0 should be: 0x124d11
Source: libEGL.dll.11.drStatic PE information: real checksum: 0x0 should be: 0x7ddc6
Source: inetc.dll.11.drStatic PE information: real checksum: 0x0 should be: 0x13c41
Source: vk_swiftshader.dll.11.drStatic PE information: real checksum: 0x0 should be: 0x44caa7
Source: inetc.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x13c41
Source: nsJSON.dll.11.drStatic PE information: real checksum: 0x0 should be: 0x6718
Source: nsDialogs.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x2f9b
Source: System.dll.11.drStatic PE information: real checksum: 0x0 should be: 0x3d68
Source: vulkan-1.dll.11.drStatic PE information: real checksum: 0x0 should be: 0xe0b14
Source: NW_store.exe.11.drStatic PE information: section name: .gxfg
Source: NW_store.exe.11.drStatic PE information: section name: .retplne
Source: NW_store.exe.11.drStatic PE information: section name: .voltbl
Source: NW_store.exe.11.drStatic PE information: section name: CPADinfo
Source: NW_store.exe.11.drStatic PE information: section name: _RDATA
Source: NW_store.exe.11.drStatic PE information: section name: malloc_h
Source: ffmpeg.dll.11.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.11.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.11.drStatic PE information: section name: .voltbl
Source: ffmpeg.dll.11.drStatic PE information: section name: _RDATA
Source: libEGL.dll.11.drStatic PE information: section name: .gxfg
Source: libEGL.dll.11.drStatic PE information: section name: .retplne
Source: libEGL.dll.11.drStatic PE information: section name: .voltbl
Source: libEGL.dll.11.drStatic PE information: section name: _RDATA
Source: libEGL.dll.11.drStatic PE information: section name: malloc_h
Source: libGLESv2.dll.11.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.11.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.11.drStatic PE information: section name: .voltbl
Source: libGLESv2.dll.11.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.11.drStatic PE information: section name: malloc_h
Source: node.dll.11.drStatic PE information: section name: .gxfg
Source: node.dll.11.drStatic PE information: section name: .retplne
Source: node.dll.11.drStatic PE information: section name: .voltbl
Source: node.dll.11.drStatic PE information: section name: _RDATA
Source: notification_helper.exe.11.drStatic PE information: section name: .gxfg
Source: notification_helper.exe.11.drStatic PE information: section name: .retplne
Source: notification_helper.exe.11.drStatic PE information: section name: .voltbl
Source: notification_helper.exe.11.drStatic PE information: section name: CPADinfo
Source: notification_helper.exe.11.drStatic PE information: section name: _RDATA
Source: notification_helper.exe.11.drStatic PE information: section name: malloc_h
Source: nw.dll.11.drStatic PE information: section name: .gxfg
Source: nw.dll.11.drStatic PE information: section name: .retplne
Source: nw.dll.11.drStatic PE information: section name: .rodata
Source: nw.dll.11.drStatic PE information: section name: .voltbl
Source: nw.dll.11.drStatic PE information: section name: CPADinfo
Source: nw.dll.11.drStatic PE information: section name: LZMADEC
Source: nw.dll.11.drStatic PE information: section name: _RDATA
Source: nw.dll.11.drStatic PE information: section name: malloc_h
Source: nw_elf.dll.11.drStatic PE information: section name: .crthunk
Source: nw_elf.dll.11.drStatic PE information: section name: .gxfg
Source: nw_elf.dll.11.drStatic PE information: section name: .retplne
Source: nw_elf.dll.11.drStatic PE information: section name: .voltbl
Source: nw_elf.dll.11.drStatic PE information: section name: CPADinfo
Source: nw_elf.dll.11.drStatic PE information: section name: _RDATA
Source: nw_elf.dll.11.drStatic PE information: section name: malloc_h
Source: vk_swiftshader.dll.11.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.11.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.11.drStatic PE information: section name: .voltbl
Source: vk_swiftshader.dll.11.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.11.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.11.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.11.drStatic PE information: section name: .voltbl
Source: vulkan-1.dll.11.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpCode function: 11_2_6EFE30C0 push eax; ret 11_2_6EFE30EE
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpCode function: 11_2_6EFF99C0 push eax; ret 11_2_6EFF99EE
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\Uninstaller.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\nw.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\NW_store.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\ffmpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\notification_helper.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\AppData\Local\Temp\nsr9111.tmp\Math.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\Watchdog.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\AppData\Local\Temp\nsr9111.tmp\nsJSON.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\vulkan-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\AppData\Local\Temp\nsr9111.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\node.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\PcAppStore.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\AutoUpdater.exeJump to dropped file
Source: C:\Users\user\Desktop\Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\nw_elf.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\AppData\Local\Temp\nsr9111.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\nwjs\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\ui\static\js\2.801b9d83.chunk.js.LICENSE.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpFile created: C:\Users\user\PCAppStore\ReadMe.txtJump to behavior

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdater
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Watchdog
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStore
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Source: C:\Users\user\Desktop\Setup.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\Setup.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\Setup.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmp; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\PcAppStore.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\Uninstaller.exe
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\nw.dll
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\System.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\NW_store.exe
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\nsJSON.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\vulkan-1.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr9111.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr9111.tmp\nsJSON.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\node.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\AutoUpdater.exe
Source: C:\Users\user\Desktop\Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\nsDialogs.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\notification_helper.exe
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\nw_elf.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr9111.tmp\System.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsr9111.tmp\Math.dll
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\libGLESv2.dll
Source: C:\Users\user\PCAppStore\Watchdog.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\PCAppStore\PcAppStore.exeAPI coverage: 5.1 %
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 8052Thread sleep count: 36 > 30
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 8052Thread sleep time: -2160000s >= -30000s
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 8412Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\PCAppStore\Watchdog.exe TID: 8052Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\PCAppStore\Watchdog.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpCode function: 11_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,11_2_00405D74
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpCode function: 11_2_0040699E FindFirstFileW,FindClose,11_2_0040699E
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpCode function: 11_2_0040290B FindFirstFileW,11_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 12_2_00007FF751C2D224 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,12_2_00007FF751C2D224
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 12_2_00007FF751C2D174 FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,12_2_00007FF751C2D174
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 13_2_00007FF74EDF1690 FindClose,FindFirstFileExW,GetLastError,13_2_00007FF74EDF1690
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 13_2_00007FF74EDF1704 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,13_2_00007FF74EDF1704
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 13_2_00007FF74EE002E0 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,13_2_00007FF74EE002E0
Source: C:\Users\user\PCAppStore\Watchdog.exeThread delayed: delay time: 60000
Source: explorer.exe, 0000000E.00000000.3004401546.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: nsr7B99.tmp, 0000000B.00000003.2949851888.0000000000529000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: LstringVMware, Inc.t32g
Source: explorer.exe, 0000000E.00000002.3057199415.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 0000000E.00000002.3075310275.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: PcAppStore.exe, 0000000C.00000003.2969739314.0000028CE5B56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: nsr7B99.tmp, 0000000B.00000003.2950212760.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2950712354.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2937044105.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946930356.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2948528077.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949213295.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946548996.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946208487.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949851888.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2947774223.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949530293.0000000000529000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW<
Source: Setup.exe, 00000000.00000003.1789189421.0000000000587000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CCKMX_FC","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"TDP2BRRD+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{
Source: Setup.exe, 00000000.00000003.1860541903.000000000058A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2581590349.000000000058A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1866800732.000000000058A000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2579490168.000000000058A000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2950212760.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2945826957.0000000000514000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946548996.0000000000514000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2950712354.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2949851888.0000000000514000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2937044105.0000000000529000.00000004.00000020.00020000.00000000.sdmp, nsr7B99.tmp, 0000000B.00000003.2946930356.0000000000529000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Setup.exe, 00000000.00000003.1789248437.0000000000576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Sstem_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CCKMX_FC","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"TDP2B
Source: nsr7B99.tmp, 0000000B.00000002.3117371050.0000000000529000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware%2C+Inc%2E
Source: explorer.exe, 0000000E.00000002.3116929596.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: Setup.exe, 00000000.00000002.2581590349.0000000000534000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.2579490168.0000000000533000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@rZ%SystemRoot%\system32\mswsock.dll
Source: node.dll.11.drBinary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: explorer.exe, 0000000E.00000000.2997571470.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 0000000E.00000002.3075310275.00000000078A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 0000000E.00000000.3004401546.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 0000000E.00000002.3075310275.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Source: Watchdog.exe, 0000000D.00000002.3059218606.000002B7C5C8C000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000D.00000003.3004378739.000002B7C5CB3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWZ
Source: nsr7B99.tmp, 0000000B.00000003.2949851888.0000000000529000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: LstringVMware, Inc.4
Source: explorer.exe, 0000000E.00000002.3116929596.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
Source: explorer.exe, 0000000E.00000002.3075310275.00000000078AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTTAVMWare
Source: explorer.exe, 0000000E.00000000.2997571470.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: PcAppStore.exe, 0000000C.00000003.2969739314.0000028CE5B56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductUNYDAY71434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.None++h
Source: PcAppStore.exe, 0000000C.00000002.3058430450.0000028CE5B4A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@H
Source: explorer.exe, 0000000E.00000002.3075310275.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.2992360703.0000000007A34000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnx
Source: PcAppStore.exe, 0000000C.00000003.2969739314.0000028CE5B56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductUNYDAY71434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: Watchdog.exe, 0000000D.00000002.3059218606.000002B7C5C8C000.00000004.00000020.00020000.00000000.sdmp, Watchdog.exe, 0000000D.00000003.3004378739.000002B7C5CB3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: explorer.exe, 0000000E.00000000.2997571470.0000000009660000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 0000000E.00000002.3057199415.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 0000000E.00000002.3057199415.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\Setup.exeAPI call chain: ExitProcess graph end nodegraph_0-3503
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpAPI call chain: ExitProcess graph end nodegraph_11-12413
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpAPI call chain: ExitProcess graph end nodegraph_11-12194
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpAPI call chain: ExitProcess graph end nodegraph_11-13175
Source: C:\Users\user\Desktop\Setup.exeProcess information queried: ProcessInformation
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 12_2_00007FF751C531B8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF751C531B8
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 12_2_00007FF751C2A700 __vcrt_InitializeCriticalSectionEx,GetLastError,IsDebuggerPresent,OutputDebugStringW,12_2_00007FF751C2A700
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpCode function: 11_2_6EFE1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,11_2_6EFE1BFF
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 12_2_00007FF751A77130 GetProcessHeap,12_2_00007FF751A77130
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 12_2_00007FF751C4DF10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FF751C4DF10
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 13_2_00007FF74EDF2F8C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF74EDF2F8C
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 13_2_00007FF74EDF7E58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF74EDF7E58
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 13_2_00007FF74EDF250C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FF74EDF250C
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 13_2_00007FF74EDF3170 SetUnhandledExceptionFilter,13_2_00007FF74EDF3170
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 12_2_00007FF751AF7D70 keybd_event,keybd_event,12_2_00007FF751AF7D70
Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa.1091x&nocache=20241004100016.659&_fcid=1728048003008516
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: \/Software\Microsoft\Windows\CurrentVersion\RunSoftware\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunSoftware\Microsoft\Windows\CurrentVersion\RunSoftware\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunSoftware\PCAppStoreAppParamdefaultauto_start_oncontextual_offersperiodical_offerspersonilized_notifications%us%5B%5D=%s\u%0.4xtype must be string, but is type must be number, but is type must be number, but is paramsnameparamsnameurloidentryAppfilePath0e+000e+00^(https?://(?:www.)?([^/]+))(/.*)?$URL format is not valid : %wsWinHTTP 1.0handle initialization failuretimeout init failurehandle connection failureGEThandle request creation failurehandle request or response failurefile creation failurequery data not availableurloidlastTimeoTypesessionIdtagretmessageiconnamepathoidanimationsoundRoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactoryRoGetActivationFactorycombase.dllCoIncrementMTAUsagecombase.dll.dllDllGetActivationFactorytype must be string, but is menu_storenamepathmenu_searchmicrosoftIdregpathkeyhttps://pcapp.storedisplaycountblinkingnotificationIconrunParampathalt_linkmicrosoftIdregpathkeyidwinGetParamsaltActionaltActionParamsidproductr_binErreCode=%dproductcreate_shortcutshortcut_erroroid=%luSHGetFolderPath_error_code=%X&oid=%luQueryInterface_error_code=%X&oid=%luCoCreateInstance_error_code=%X&oid=%lu.lnknfinityanindsnanC++/WinRT 
version:2.0.220110.5nfinityShell_TrayWndanindsnan0p+00p+0infnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)unknowninfnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan(ind)nannan(snan)unknownLTRRTLLTR\\\HKEY_CLASSES_ROOTHKEY_CURRENT_USERHKEY_LOCAL_MACHINEHKEY_USERSHKEY_CURRENT_CONFIG[A-Za-z0-9\\]{2,16}(\.[A-Za-z0-9.]*)*winget list --disable-interactivity --accept-source-agreements ClosingEvent%02X
Source: PcAppStore.exe, explorer.exe, 0000000E.00000002.3108337133.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000000.2977602482.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.3058613045.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000000E.00000000.2977602482.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.3058613045.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: recipient is not initialized: unknown recipient: productconnection_errorCreating a pipe instance failedUnnecessary connection was detected. The list of expected windows is emptyproductconnection_errorcritical_connection_errorproductconnection_errormainsettingsmenu_storeoffermenu_searchtopbarnotificationswidgetall\\.\pipe\pcappstoreClosingEventproductmessage_sending_error{"app":{"create_window":"%ws"}}NWidgetShell_TrayWndTrayNotifyWnd+TrayButtonPNGArial++
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: ui_creation_failed1creation_error=%ws01ui_termination_error010TaskbarAlSoftware\Microsoft\Windows\CurrentVersion\Explorer\Advanceddirectory_switching_error10.\nwjs\NW_store.exe}}.\ui\.":"{"app" : {producttheme_handler_erroreCode=%dShell_TrayWndStartTrayDummySearchControlTrayButton
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: TTaskbarShell_TrayWndreload_appshow_mainclose_appget_connected_spotreset_offernext_offerdebug : close_appget_already_existed : exec_program : msstore_download_app : settingsrs_shortcut_run : cb_set_item :create_shortcut : setNotificationsCount : show_start_menuset_widget_behavior : show_notifications_iconhide_notifications_iconcheck_app_status : click_lock : save_widget_custom_position : shell:RecycleBinFoldercalcscreenshotr_bin_cleanr_bin_opencb_cleanupopenTopbarNotificationsstart_button_notification : ClosingEventerror_broken_pipereceived_bound_messagemsg=%wsmissing_null_chartype must be string, but is type must be number, but is SOFTWARE\PCAppStorereload_from_ui_thread{"app" : {"show_window":"settings"}}{"app" : {"show_window":"main"}}close_from_ui_threadreload_from_ui_thread{"app" : {"show_window":"settings"}}{"app" : {"show_window":"main"}}LastIDLastTime{"app": {"notifications": {"offerIsOpen": true}}}{"app":{"offer":{"offerInfo":{"url":"%ws","oid":%ws,"otype":"%ws","sessionId":"%ws"}},"show_window":"offer"}}{"app" : {"show_window":"main"}}{"app" : {"alive_window" : "%ws"}}{"app" : {"hide_window":"%ws"}}{"app": {"notifications": {"offerIsOpen": false}}}windowpageab{"app" : {"show_window":"menu_search"}}productwindow_showing_erroreM=%wsopenproductr_bin_open_error&eCode=%luopenproductcalc_error&eCode=%luxywidgetInfoproductwidget_info_errorothererrorsuccesswifi{"app":{"%ws":{"connected_spot":{"name":"%ws","type":"%ws","state":"%ws"}}}}unknown_ui_messagemsg=%wsmainsettingsmenu_storeoffermenu_searchtopbarnotificationswidgetallInstanceThread: client disconnected.
Source: explorer.exe, 0000000E.00000000.2976851999.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3057199415.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman$
Source: explorer.exe, 0000000E.00000000.2977602482.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.3058613045.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: explorer.exe, 0000000E.00000000.2977602482.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.3058613045.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
Source: nsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: Shell_TrayWndStartTrayDummySearchControlTrayButton
Source: PcAppStore.exe, 0000000C.00000002.3056158924.000000CF669D9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: shell_traywnd
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: 13_2_00007FF74EE06780 cpuid 13_2_00007FF74EE06780
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoEx,Concurrency::details::WorkQueue::IsStructuredEmpty,GetLocaleInfoEx,12_2_00007FF751AEB270
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoEx,FormatMessageA,12_2_00007FF751C2B92C
Source: C:\Users\user\PCAppStore\Watchdog.exeCode function: GetLocaleInfoEx,FormatMessageA,13_2_00007FF74EDF13F8
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 12_2_00007FF751C4DB14 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,12_2_00007FF751C4DB14
Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\nsr7B99.tmpWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 141 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 2 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 11 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 1 Access Token Manipulation | 1 DLL Side-Loading | Security Account Manager | 156 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 111 Registry Run Keys / Startup Folder | 1 Windows Service | 1 DLL Search Order Hijacking | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 1 Masquerading | LSA Secrets | 261 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 111 Registry Run Keys / Startup Folder | 141 Virtualization/Sandbox Evasion | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Behavior Graph ID: 1525890 | Sample: Setup.exe | Startdate: 04/10/2024 | Architecture: WINDOWS | Score: 42

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| C:\Users\user\AppData\Local\Temp\nsr9111.tmp\Math.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsr9111.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsr9111.tmp\inetc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsr9111.tmp\nsJSON.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\inetc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\nsDialogs.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\nsJSON.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\AutoUpdater.exe | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\PcAppStore.exe | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\Uninstaller.exe | 25% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\NW_store.exe | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\ffmpeg.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\libEGL.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\node.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\notification_helper.exe | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\nw.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\nw_elf.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll | 0% | ReversingLabs | | |
| C:\Users\user\PCAppStore\nwjs\vulkan-1.dll | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| https://api.msn.com:443/v1/news/Feed/Windows? | 0% | URL Reputation | safe | |
| http://schemas.micro | 0% | URL Reputation | safe | |
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://github.com/nodejs/node/issuesnode.dll.11.drfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigitsnode.dll.11.drfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://github.com/denoland/deno/blob/main/LICENSE.md.node.dll.11.drfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunknode.dll.11.drfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://tc39.github.io/ecma262/#sec-object.prototype.tostringnode.dll.11.drfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://url.spec.whatwg.org/#urlsearchparamsnode.dll.11.drfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://infra.spec.whatwg.org/#ascii-whitespacenode.dll.11.drfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 0000000E.00000000.2992360703.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.3075310275.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://chromeenterprise.google/policies/#BrowserSwitcherUrlListnsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://www.rfc-editor.org/rfc/rfc9110#section-5.2node.dll.11.drfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://streams.spec.whatwg.org/#example-manual-write-with-backpressurenode.dll.11.drfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        https://github.com/nodejs/node/pull/30380#issuecomment-552948364node.dll.11.drfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setintervalnode.dll.11.drfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://heycam.github.io/webidl/#dfn-iterator-prototype-objectnode.dll.11.drfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://pcapp.store/fa_version.php?guid=%ws&res=link&nocache=%dnsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                https://datatracker.ietf.org/doc/html/rfc7238node.dll.11.drfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  https://chrome.google.com/webstore/category/extensionsnsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    https://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_&evt_action=https://pcapp.store/pixel.gif&nonsr7B99.tmp, 0000000B.00000002.3118453750.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp, PcAppStore.exe, 0000000C.00000000.2963791742.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      https://github.com/nodejs/node/pull/38614)node.dll.11.drfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        https://tc39.es/ecma262/#prod-ClassSetReservedPunctuatornode.dll.11.drfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          https://github.com/nodejs/node/issues/10673node.dll.11.drfalse
                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                            https://passwords.google.comTnsr7B99.tmp, 0000000B.00000002.3118453750.0000000002839000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              https://github.com/nodejs/node/pull/32887node.dll.11.drfalse
                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                https://mimesniff.spec.whatwg.org/#mime-type-essencenode.dll.11.drfalse
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-objectnode.dll.11.drfalse
                                                                                                                                                                                                                                    unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
IP
192.168.2.4
192.168.2.5
192.168.2.23

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1525890
Start date and time: 2024-10-04 15:59:08 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 21s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
                                                                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                                                                    Sample name:Setup.exe
                                                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                                                    Classification:mal42.evad.winEXE@26/249@33/19
                                                                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                                                    • Successful, ratio: 85%
                                                                                                                                                                                                                                    • Number of executed functions: 125
                                                                                                                                                                                                                                    • Number of non-executed functions: 230
                                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 142.250.185.174, 66.102.1.84, 172.217.18.3, 34.104.35.123, 142.250.184.234, 216.58.206.67, 142.250.181.232, 142.250.185.168, 199.232.214.172, 192.229.221.95, 142.250.181.227, 216.58.212.174
                                                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, www.googletagmanager.com, update.googleapis.com, clients.l.google.com
                                                                                                                                                                                                                                    • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                    • VT rate limit hit for: Setup.exe
Time      Type             Description
10:02:07  API Interceptor  77x Sleep call for process: Watchdog.exe modified
10:02:15  API Interceptor  2x Sleep call for process: explorer.exe modified
15:02:12  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PCAppStore "C:\Users\user\PCAppStore\PCAppStore.exe" /init default
15:02:27  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PcAppStoreUpdater "C:\Users\user\PCAppStore\AutoUpdater.exe" /i
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
                                                                                                                                                                                                                                                                                            • 37.19.206.5
                                                                                                                                                                                                                                                                                            pcapp.storehttps://pivotanimator.net/Download.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                            28a2c9bd18a11de089ef85a160da29e4niko.exeGet hashmaliciousAmadey, Credential Flusher, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            ethaertharety.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            d1bc91bd44a0.exeGet hashmaliciousPrivateLoader, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            f2e7fcb20146.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            a43486128347.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            956d73b7f041.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            7f3c2473d1e6.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            Payment receipt 50%Invoicelp612117_CQDM.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            TsxJNxhxMJfQTd.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            https://ravenous-feast.co.uk/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 4.175.87.197
                                                                                                                                                                                                                                                                                            • 4.245.163.56
                                                                                                                                                                                                                                                                                            • 184.28.90.27
                                                                                                                                                                                                                                                                                            • 13.107.246.60
                                                                                                                                                                                                                                                                                            • 13.85.23.206
                                                                                                                                                                                                                                                                                            a0e9f5d64349fb13191bc781f81f42e1d1bc91bd44a0.exeGet hashmaliciousPrivateLoader, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            a43486128347.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            7f3c2473d1e6.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            Payout Receipt.pptxGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            msvcp110.dllGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            c7v62g0YpB.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            PO20241003.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            37f463bf4616ecd445d4a1937da06e19App_installer32_64x.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                                                                                                            • 207.211.211.27
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            • 207.246.91.177
                                                                                                                                                                                                                                                                                            • 18.173.205.111
                                                                                                                                                                                                                                                                                            setup_run.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                                                                                                            • 207.211.211.27
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            • 207.246.91.177
                                                                                                                                                                                                                                                                                            • 18.173.205.111
                                                                                                                                                                                                                                                                                            presupuesto urgente.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                                            • 207.211.211.27
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            • 207.246.91.177
                                                                                                                                                                                                                                                                                            • 18.173.205.111
                                                                                                                                                                                                                                                                                            -pdf.bat.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                                                                            • 207.211.211.27
                                                                                                                                                                                                                                                                                            • 45.32.1.23
                                                                                                                                                                                                                                                                                            • 207.246.91.177
                                                                                                                                                                                                                                                                                            • 18.173.205.111
                                                                                                                                                                                                                                                                                            PEDIDO-144797.exeGet hashmaliciousFormBook, GuLoaderBrowse
 | -pdf.bat.exe | Get hash | malicious | FormBook | Browse |
 | TERMENII CONTRACTULUI (ACORD NOU#U0102 COMAND#U0102)-pdf.bat.exe | Get hash | malicious | FormBook, GuLoader | Browse |
 | Cotizaci#U00f3n#12643283.exe | Get hash | malicious | GuLoader | Browse |
 | BnxBRWQWhy.exe | Get hash | malicious | Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | RDPWrap Tool, Amadey, Socks5Systemz, Stealc, Vidar, Xmrig | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\nsr9111.tmp\Math.dll | tKr6T60C1r.exe | Get hash | malicious | Unknown | Browse |
 | Setup.exe | Get hash | malicious | Unknown | Browse |
 | Setup (1).exe | Get hash | malicious | Unknown | Browse |
 | Setup (1).exe | Get hash | malicious | Unknown | Browse |
 | MDE_File_Sample_c30dd28cb119f2aa20ddabe8968b8cadbe80bcb2.zip | Get hash | malicious | Unknown | Browse |
 | Setup.exe | Get hash | malicious | Unknown | Browse |
 | bf.exe | Get hash | malicious | NanoCore, GuLoader | Browse |
 | bf.exe | Get hash | malicious | GuLoader | Browse |
 | hVAj77o331.exe | Get hash | malicious | GuLoader, Remcos | Browse |
 | hVAj77o331.exe | Get hash | malicious | GuLoader | Browse |
                                                                                                                                                                                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):106768
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.0224764539388325
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:768:ns7Fk3r1kDGsHhXXjk0Yct63CXBwNXLF/aJIYXxkxvRCR1vcdPk8dRmRypE3oXBD:nLknHltImBNubhBiQG9n1aFjKGiGx
                                                                                                                                                                                                                                                                                                                MD5:7A45E24CD3FCE6030C9264A6DDB54F9A
                                                                                                                                                                                                                                                                                                                SHA1:4DB9855B72D0657FB18DC50FB523899094DB37A4
                                                                                                                                                                                                                                                                                                                SHA-256:5514D1391AFF3D9C8B9BF09BE90C2C4E862E6F230532342A752CE7BD5FF64CF6
                                                                                                                                                                                                                                                                                                                SHA-512:EDA123B363601895577353BC76E076C99F3A3985F139697DF6F405FC6F28562DADDAA893486749865154C8560500C62096792B34CB3C381DEA1899A186AAE7E1
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                                Preview:....h... ...............P...............Z...(..._...h...................X.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                                                                                                                                                                                                                File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):42
                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                                                MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                                                SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                                                SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                                                SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                                                                Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                                                                                                                                                                                                                File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):42
                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                                                MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                                                SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                                                SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                                                SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):93366688
                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.9999929729047174
                                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                                SSDEEP:1572864:X4m7xwyBzzRtMlzL3fd91EoSUVEVGlq5XOp1+u5A49re4dBX5R2hCC9s6aVi5/y1:X48vzRtWzL3fT1EoA0qy12qreIBX5Rs2
                                                                                                                                                                                                                                                                                                                MD5:7D864ECA0B76FBC20223DFA8A0CBD588
                                                                                                                                                                                                                                                                                                                SHA1:F9EA17E067BD063FBB2989066789F576983F383E
                                                                                                                                                                                                                                                                                                                SHA-256:07B1CA0CE87A0756ACAAFBD481D6842F5ED94662B10B33ADA375088395CA1E2E
                                                                                                                                                                                                                                                                                                                SHA-512:24D3C51108D7D3D5DA538F62627DA7B7CC3B5F57495ED94E34A6FA3B0CB0A2941078A7086F801E9B50DCAEF6AFD90DE8A12893A37C4A052CD65169F6DF086A36
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):69120
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.024967061017882
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:1536:GUZ9QC7V7IGMp2ZmtSX5p9IeJXlSM2tS:T97WSth5lwt
                                                                                                                                                                                                                                                                                                                MD5:85428CF1F140E5023F4C9D179B704702
                                                                                                                                                                                                                                                                                                                SHA1:1B51213DDBAEDFFFB7E7F098F172F1D4E5C9EFBA
                                                                                                                                                                                                                                                                                                                SHA-256:8D9A23DD2004B68C0D2E64E6C6AD330D0C648BFFE2B9F619A1E9760EF978207A
                                                                                                                                                                                                                                                                                                                SHA-512:DFE7F9F3030485CAF30EC631424120030C3985DF778993342A371BF1724FA84AA885B4E466C6F6B356D99CC24E564B9C702C7BCDD33052172E0794C2FDECCE59
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                • Filename: tKr6T60C1r.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                • Filename: Setup (1).exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                • Filename: Setup (1).exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                • Filename: MDE_File_Sample_c30dd28cb119f2aa20ddabe8968b8cadbe80bcb2.zip, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                • Filename: bf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                • Filename: bf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                • Filename: hVAj77o331.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                • Filename: hVAj77o331.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                                                                                                                                                                MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                                                                                                                SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                                                                                                                SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                                                                                                                SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):997
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.188896534234179
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12:2E5KZbHOjOruFw6MLxENScRVar7FC53tK1Oqd3Aa0n:tAlHOjOX60ENvRVZKbEn
                                                                                                                                                                                                                                                                                                                MD5:1636218C14C357455B5C872982E2A047
                                                                                                                                                                                                                                                                                                                SHA1:21FBD1308AF7AD25352667583A8DC340B0847DBC
                                                                                                                                                                                                                                                                                                                SHA-256:9B8B6285BF65F086E08701EEE04E57F2586E973A49C5A38660C9C6502A807045
                                                                                                                                                                                                                                                                                                                SHA-512:837FA6BCBE69A3728F5CB4C25C35C1D13E84B11232FC5279A91F21341892AD0E36003D86962C8AB1A056D3BEEB2652C754D51D6EC7EEE0E0EBFE19CD93FB5CB0
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):39424
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.684597989866362
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:384:njt65uI9oYzcCaHjl9Cb4I1f0AGhrHXoREnRxtIpH/u0abJ2v2DW9O9tk8ZwkpwD:noHtNQoRSIwTJB6Q/kPyBp6
                                                                                                                                                                                                                                                                                                                MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                                                                                                                                                                                                                SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                                                                                                                                                                                                                SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                                                                                                                                                                                                                SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):24064
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.819708895488079
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:384:n7U5CiIZ1ZC2RvhrTfldNuwQ5pk+BISivMyyOgqCoRUj+OvHxOuofnykhVQJrTU:YoZ1ZnhrTfldqk7Yyy94RxOcVQJrT
                                                                                                                                                                                                                                                                                                                MD5:F4D89D9A2A3E2F164AEA3E93864905C9
                                                                                                                                                                                                                                                                                                                SHA1:4D4E05EE5E4E77A0631A3DD064C171BA2E227D4A
                                                                                                                                                                                                                                                                                                                SHA-256:64B3EFDF3DE54E338D4DB96B549A7BDB7237BB88A82A0A63AEF570327A78A6FB
                                                                                                                                                                                                                                                                                                                SHA-512:DBDA3FE7CA22C23D2D0F2A5D9D415A96112E2965081582C7A42C139A55C5D861A27F0BD919504DE4F82C59CF7D1B97F95ED5A55E87D574635AFDB7EB2D8CADF2
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                                                                                                                                                                MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                                                                                                                SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                                                                                                                SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                                                                                                                SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                                                                                File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):997
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.188896534234179
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12:2E5KZbHOjOruFw6MLxENScRVar7FC53tK1Oqd3Aa0n:tAlHOjOX60ENvRVZKbEn
                                                                                                                                                                                                                                                                                                                MD5:1636218C14C357455B5C872982E2A047
                                                                                                                                                                                                                                                                                                                SHA1:21FBD1308AF7AD25352667583A8DC340B0847DBC
                                                                                                                                                                                                                                                                                                                SHA-256:9B8B6285BF65F086E08701EEE04E57F2586E973A49C5A38660C9C6502A807045
                                                                                                                                                                                                                                                                                                                SHA-512:837FA6BCBE69A3728F5CB4C25C35C1D13E84B11232FC5279A91F21341892AD0E36003D86962C8AB1A056D3BEEB2652C754D51D6EC7EEE0E0EBFE19CD93FB5CB0
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):39424
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.684597989866362
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:384:njt65uI9oYzcCaHjl9Cb4I1f0AGhrHXoREnRxtIpH/u0abJ2v2DW9O9tk8ZwkpwD:noHtNQoRSIwTJB6Q/kPyBp6
                                                                                                                                                                                                                                                                                                                MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                                                                                                                                                                                                                SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                                                                                                                                                                                                                SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                                                                                                                                                                                                                SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):26494
                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.9568109962493656
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                                                                                                                                                                                                                MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                                                                                                                                                                                                SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                                                                                                                                                                                                SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                                                                                                                                                                                                SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):9728
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.158136237602734
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
                                                                                                                                                                                                                                                                                                                MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                                                                                                                                                                                                                                SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                                                                                                                                                                                                                                SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                                                                                                                                                                                                                                SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):24064
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.819708895488079
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:384:n7U5CiIZ1ZC2RvhrTfldNuwQ5pk+BISivMyyOgqCoRUj+OvHxOuofnykhVQJrTU:YoZ1ZnhrTfldqk7Yyy94RxOcVQJrT
                                                                                                                                                                                                                                                                                                                MD5:F4D89D9A2A3E2F164AEA3E93864905C9
                                                                                                                                                                                                                                                                                                                SHA1:4D4E05EE5E4E77A0631A3DD064C171BA2E227D4A
                                                                                                                                                                                                                                                                                                                SHA-256:64B3EFDF3DE54E338D4DB96B549A7BDB7237BB88A82A0A63AEF570327A78A6FB
                                                                                                                                                                                                                                                                                                                SHA-512:DBDA3FE7CA22C23D2D0F2A5D9D415A96112E2965081582C7A42C139A55C5D861A27F0BD919504DE4F82C59CF7D1B97F95ED5A55E87D574635AFDB7EB2D8CADF2
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:OpenPGP Secret Key Version 2
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):318266670
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.9314449353629195
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3145728:8E8qgvUBRlhK9QJiDS610scieJq1SXCSnsmdAGFQWa:8ErKe0Djq7hCSk7
                                                                                                                                                                                                                                                                                                                MD5:2B94895119E678D0907CB9DE945A054B
                                                                                                                                                                                                                                                                                                                SHA1:E6BF56DF7F282F3F52EC6387FE71DEEE602FB287
                                                                                                                                                                                                                                                                                                                SHA-256:B74BCBB6D214230DDDE51FAA40903F427F1A6690B4CAB51C587AC040F77430B9
                                                                                                                                                                                                                                                                                                                SHA-512:E08A3D89C8CAAD770E891281DCA21AE0E740D2211A29886D84FEA96040D34A25874391F23A026ABCAC78962AEBA88DCCF1374C50899F591F9136D13113DB2F7C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):42
                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                                                MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                                                SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                                                SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                                                SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Wed Sep 4 06:01:36 2024, mtime=Fri Oct 4 13:02:07 2024, atime=Wed Sep 4 06:01:36 2024, length=3007328, window=hide
                                                                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                                                                Size (bytes):1857
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.4806207856061153
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24:8kNOfZPlEfyATlrN6RknwtkkyHiO/7fN3qyFm:8kNUPlMRjkknOyHi7yF
                                                                                                                                                                                                                                                                                                                MD5:26DD16D3514347EB5825AF6FB836EF6D
                                                                                                                                                                                                                                                                                                                SHA1:AFD0C3E0431D335528E0F6CAA8725A51841952F2
                                                                                                                                                                                                                                                                                                                SHA-256:89187E98D9828D40FF46566DBE6CD09FAE2B261214F41318113FAF9F041B7C3B
                                                                                                                                                                                                                                                                                                                SHA-512:F8E654B879228CF325B01CE1732988D688193A4D1417B53ABCF964098DB880EFDDABE4C1B3FF9039DA3748B29C5625EA9059A41C30FE2FE63F9BC03A0FC80CC7
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:L..................F.@.. ....H)H.......e....H)H....`.-.....................0.:..DG..Yr?.D..U..k0.&...&......vk.v....4|..e...I&..e.......t...CFSF..1.....DYCp..PCAPPS~1....t.Y^...H.g.3..(.....gVA.G..k...F......DY0pDYCp..............................P.C.A.p.p.S.t.o.r.e...D.j.2.`.-.$Y28 .PCAPPS~1.EXE..N......$Y28DYDp..............................P.c.A.p.p.S.t.o.r.e...e.x.e.......W...............-.......V...........LHy......C:\Users\user\PCAppStore\PcAppStore.exe..+.....\.....\.....\.....\.....\.....\.P.C.A.p.p.S.t.o.r.e.\.P.c.A.p.p.S.t.o.r.e...e.x.e...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.P.C.A.p.p.S.t.o.r.e.../.i.n.i.t. .d.e.f.a.u.l.t. .s.h.o.w.M.(.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.P.C.A.p.p.S.t.o.r.e.\.p.c.a.p.p.s.t.o.r.e...i.c.o.........%USERPROFILE%\PCAppStore\pcappstore.ico.............................................................................................................................................................................................................................%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):586072
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.3416892195606
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:StVAhPej3HHF0jGKoNdasaI0fqbM4EuxW:SIhPetKOdasv0IHEuU
                                                                                                                                                                                                                                                                                                                MD5:475D973CB23A21F2C2282528FBFAF486
                                                                                                                                                                                                                                                                                                                SHA1:FF5554C592819C03946ED0900C90D4ED917AE49D
                                                                                                                                                                                                                                                                                                                SHA-256:BEE8D6366E1DC83AA7443A9E924B60705E573D046D275416CDBDC3CF56A0B6D0
                                                                                                                                                                                                                                                                                                                SHA-512:734108BE8915455C652A1ABC6B23E17FD187403C1C28DA44F399DCA030A51FB6C8F0B01B69275DC609513435EEF79A7ECBA597388BD21FCF0E15B5C8FF1AA703
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):3007328
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.936704210165154
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24576:WyhD/wkr4SuIuJaa05Fo222twv/PueLw3JTbiNG8g9ME9CQCsSnFpca97/VeZAKD:diUuftvO9NFAsWIGssLV
                                                                                                                                                                                                                                                                                                                MD5:B9769675AB9AA29B4D54C8140A1E218E
                                                                                                                                                                                                                                                                                                                SHA1:2782E8E15A29F043249AE137B11CB654F7E5A66F
                                                                                                                                                                                                                                                                                                                SHA-256:5A8AA541EEE8D85ABE483BD2976B6B291AECA2377FE8FC2AAE2EB1A1C6A3926A
                                                                                                                                                                                                                                                                                                                SHA-512:BC3745A87D236DF7A7846114707FBA161E9CF9618BF41824135EE7CB803756C665F2B2655A5BD575627F36C4B7827176018F1F4C7B76E5912298AA502C58B0EB
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):146
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.577360416859904
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3:TKPyFfliFRNAl2sIaRjyM1KOTxLELMZ4MKLJF8EelYq8AsXJVVWM4v:TyyFflmSssI+j1NLELM6MKn8EquZVVCv
                                                                                                                                                                                                                                                                                                                MD5:2845450EA9D938CFEA9809CA0C827F12
                                                                                                                                                                                                                                                                                                                SHA1:8DE2189530DA5923365436C37E4C55C500AC3FBF
                                                                                                                                                                                                                                                                                                                SHA-256:7FDADB3CA5B81C6D1C58A20610921BF89D63DC65B77BE982F422C6FD2A13F166
                                                                                                                                                                                                                                                                                                                SHA-512:7D19FE6E9DD51BB880FD6FBB7EE126C8078771EE5166D53F312B04D117CE2897CBB6DFB5E5627314C3CF8B56F7A2BBF5B9D38258E7912B0AC5D420B611B7C363
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:Fhis folder contains the PC App Store for Microsoft Windows.....For additional information, please visit https://pcapp.store/?p=lpd_appstore-faq..
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1402
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.239292078049216
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24:YZ1HZ7tYI8Diw9+iamLsnUYQZMq6f9kHcZkefO+wWfFWLkUfYOOzfise:YZ1HdtyDF9hsU3ZMqr8ZPfOqfYLkGYOT
                                                                                                                                                                                                                                                                                                                MD5:24693D01A5F6DD2B955F3E9F91ECDDAE
                                                                                                                                                                                                                                                                                                                SHA1:196F9C42B0FBEE47212D18E288A6C9290F45CB19
                                                                                                                                                                                                                                                                                                                SHA-256:ACD9254390B6137681DFC92DA40F717499260583DE94C21C45BE0AFF0CA5B722
                                                                                                                                                                                                                                                                                                                SHA-512:15859BF80C07C2170343F62849001614D4FD3754F76C9406D36D07055AFE0F5125726297845B51FECABC816E2916515DBD7F3C90E06114E13D670671E98481D5
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:{"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"CCKMX_FC","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"TDP2BRRD+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"A
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):73
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.089026662492467
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3:YGVE8fptxgDQLRv6zjQJNRvUXZ5:YGFRt9IoNaZ5
                                                                                                                                                                                                                                                                                                                MD5:3024A54E0C352ABE5EB5F753CA4828DA
                                                                                                                                                                                                                                                                                                                SHA1:DF0206851654405C8E5C2D3BC96FB536B8C2DCBF
                                                                                                                                                                                                                                                                                                                SHA-256:3CD0A703506C7394D6115D9FF721516560894358AEF07459F30D8930DF6C3B61
                                                                                                                                                                                                                                                                                                                SHA-512:D9D44051DF56B29AA596EE38463B781DBE27F917F7DAE1B2420122616DA108520429DDA58C75C7E6B2D41093F83C5A4BAE96024885AF3956F23A3CE5BD3F9358
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:{"cpg":"default","inst_excl":null,"inst_addon":null,"inst_advanced":null}
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):93856
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.893675649612655
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:1536:cmsAYBdTU9fEAIS2PEtu3zqbES5ohe7ukhk73A6xGkg:bfY/TU9fE9PEtuDqoSYe7GU5
                                                                                                                                                                                                                                                                                                                MD5:0A044092D1D1350D29DF870F2E34929C
                                                                                                                                                                                                                                                                                                                SHA1:BA70B80A498348940B00549C5763CB890E3C9841
                                                                                                                                                                                                                                                                                                                SHA-256:2153958B5F53BE20CC2863650F4BDBD822D5D75AB4403919EB4B48E3100A43E2
                                                                                                                                                                                                                                                                                                                SHA-512:BDA48D99BF75E6318A34103A2A40E6D1896FA52AB2F42C7400AF13B992F107440879EE5D1DE4BE98C3B4430FC2AC5454054420038FB818C746537AA0FB16B819
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):276320
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.1545266166204975
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3072:rI5Nzd7398vxuYr+kdRYDuSLRWaexv1z9uZJGYzKor7+rPmQX7Ls0PNXLRejbxn6:yeYDzLMamRoZJ5WPcmLi4
                                                                                                                                                                                                                                                                                                                MD5:C8C3AC12EF71E9CE0C7911250B85154C
                                                                                                                                                                                                                                                                                                                SHA1:2ED91D55C0061527D2BCC49D7AAC3D30A090BACB
                                                                                                                                                                                                                                                                                                                SHA-256:38169ACBEAFE4A6B8C893D57BD5DCB622AB7D2A1E87FFC625C690B4348461DF7
                                                                                                                                                                                                                                                                                                                SHA-512:C3922912629BF1B1B885169549002113245FB36890BE476E468796A153EC4EDAC00916364F36AA95AAD38B65AFEA4B5937B5DFBF1312245070CB2181531EFEFE
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):2312704
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.449649685576397
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:49152:gg6wrmvfu6ZPfRFq8BcvDEzT3CuaMUgKS:H8Zn3Ci
                                                                                                                                                                                                                                                                                                                MD5:E472E46BDFD736351D4B086B4C4CA134
                                                                                                                                                                                                                                                                                                                SHA1:1AA886F0CB23B3D322A43BE797D411FCA84D82A7
                                                                                                                                                                                                                                                                                                                SHA-256:E825A252B5C5C9C2DE8A6A6ADE12A7F9CD0040F6A20E6EE44BA659034E6D5223
                                                                                                                                                                                                                                                                                                                SHA-512:173F5A7ABDFEA01C9C21EC716CBA14EEC4539DA45E5734B3FD1E0688E1C22E4718BD701C25C8040D20CF48867E2A67EF2ABA46380BAB9AB1F7A42BD66FD33AFB
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):9560433
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.8475056659478915
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24576:/28lTEaiPJK0PJgVEv+F26vbV2f2EvYvAKMc/+uBPJ1PJLPJ1PJOPJDKspVosXxY:/2ETWgqSq+sIp2+qO1McdLRPiY2zXO
                                                                                                                                                                                                                                                                                                                MD5:7A32B7C762C76BD3EE38E3E998705899
                                                                                                                                                                                                                                                                                                                SHA1:E1C611A57115374A48CD84619BD06E43021B7352
                                                                                                                                                                                                                                                                                                                SHA-256:726276A62DB14DD751F32B77200E90A8000712BD256ED038BEA928C6AEF0C892
                                                                                                                                                                                                                                                                                                                SHA-512:9FE66FE4479915B0EFE12ADFB386BA251B2C2AF8CCD92B4D67F61C9D2AE537C6D3512E4379AFF10EAB3CD433FC1EDEC702E63DDFE4F83769A746FF249288D4DA
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview: Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<meta name="color-scheme" content="light dark">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<link rel="stylesheet" href="chrome://credits/credits.css">..</head>..<body>..<span class="page-title">Credits</span>..<a id="print-link" href="#" hidden>Print</a>..<label class="show show-all" tabindex="0">..<input type="checkbox" hidden>..</label>..<div class="open-sourced">.. Chromium software is made available as source code.. <a href="https://source.chromium.org/chromium">here</a>...</div>....<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->..<div class="product">..<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>..<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">h
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4916712
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.398049523846958
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                                                                                                                                                                MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                                                                                                                                                SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                                                                                                                                                SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                                                                                                                                                SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):2028032
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.64708834859118
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24576:x+QrVq8lxXjKAri3/8XLpvdZ4RAfdDY0K1w/cjWsdSJNTtMfxTCC:pdlNBfXt16RsFY0K3jWsdQVtM0C
                                                                                                                                                                                                                                                                                                                MD5:5FFF6F0423A38BFAF174CB670650F4F9
                                                                                                                                                                                                                                                                                                                SHA1:13ECD1C4784A5A178A998E9FC0DC08F556121712
                                                                                                                                                                                                                                                                                                                SHA-256:D4E6FC4E1BC6CB5B3EF7010E61D3A65E97804FB20346CEE657688339075B2727
                                                                                                                                                                                                                                                                                                                SHA-512:E6FF0EA9F6196470F6E094D0AB655FB527C28FC2B2A5D126A10C1F4185C0DFF5ED4F19E7ED717D67DF324562B7AA56ED87AA0BD396A6BA722D3141B9F30FC41B
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):10717392
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.282534560973548
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                                                                                                                                                                                                                                                                                MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                                                                                                                                                                                                                                                                SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                                                                                                                                                                                                                                                                SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                                                                                                                                                                                                                                                                SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):454144
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.3485070297294985
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:yLSe7mxAked1dLX9ValhL1IA9SbD/9PAE:yExAkedHLX9VC9OKE
                                                                                                                                                                                                                                                                                                                MD5:7255FCCD39F330CA2123F380B4967E0A
                                                                                                                                                                                                                                                                                                                SHA1:C8E0E1A3E129DF7AB8922F039FFDBBA20DFBA8E2
                                                                                                                                                                                                                                                                                                                SHA-256:22C2E5452FB01513C331B9E88313830C96EB3E554FAB942AFCBD6FB8702DF730
                                                                                                                                                                                                                                                                                                                SHA-512:ECD66B0A43AEFD2C4721CD574D2394A2A9069B5258E310A0FC16C3919FD2505BFE91DB2FF8E4B5C7EF0187C86B167004659D15943F5BE6DF42BBFC297FB42119
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):8058880
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.448026576223661
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:98304:XUoMnbHa6h5CmPt75W2+G15kI6a7Xm3rC:gDTCe4rt/aTCr
                                                                                                                                                                                                                                                                                                                MD5:6CD8726BEEFCFA69B48EAB1362A5CAD5
                                                                                                                                                                                                                                                                                                                SHA1:F4249179B86C0A870C55E6C5A263180C77017E81
                                                                                                                                                                                                                                                                                                                SHA-256:2636DA528EDCAEC9834255A92411BD5DA921D793825D74CEB997E336A0DBD393
                                                                                                                                                                                                                                                                                                                SHA-512:0F6600315B0E1B5371BB39290E5417EBAA0F3C7FB47EEF32D73AFCE299722A426DD244FD3775D88FCEB6F170F16B23B099244EE825F7F8185D58F1BF28583515
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):502905
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.409605383978337
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:Mqyim2uho5EnirXKhaG1B2+H2JynyaH4IFzZo0vgElgA2W0PSq+2ss30fzO75g6p:U2uhounkXyd1B2+H2JynyaH4IFzZo0ve
                                                                                                                                                                                                                                                                                                                MD5:8032CB8A1B40AC85ACBEAFD6514BE668
                                                                                                                                                                                                                                                                                                                SHA1:EE15C360BD913FFEC94E9E36224548CA83B2564C
                                                                                                                                                                                                                                                                                                                SHA-256:1762EB36E254C02A50ED089ED737235FD7A64C0D234581612ACA56F6398CAC97
                                                                                                                                                                                                                                                                                                                SHA-512:956241DA1EE60C648417C6BF3921554F1F19AB17163DBDA764AE0DC21E1729C9357BFB900B1F948D2C649F9D53DA7CEFF3128B8CFAB34FD03053A8C37C663F5D
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):813426
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.915984741122479
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:dTZog2ule8/xHT9KG3Sj+KRRz0l85X9icV03OzP+Xx30jH8+j:/ogg8/xpKGCj+KRRz085X9icV03OzP+W
                                                                                                                                                                                                                                                                                                                MD5:7B88BD642C86EC4D4FB9A5614D1DA63F
                                                                                                                                                                                                                                                                                                                SHA1:92CF23267B78039E2413F7F7F90E6636614A0C5C
                                                                                                                                                                                                                                                                                                                SHA-256:0C1DE970426BA291B10CD08FF0E6B078ADF4C1D07B24E0D89D9322FD2EC2E296
                                                                                                                                                                                                                                                                                                                SHA-512:17E2381491A8844D1AD6910C3876C817ADE5CF2DAD8461771BAE9E967F7F64954917E20F8258CE6548AF1C21F8CF7E9477C7BCDCE6DD216140BF4D32410A31D9
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):822020
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.925237393732045
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:vFB3t9DiYK8a4HHFLrgOIPcd1CyWpQ5fuiDbmpQ:vn3t5SzU5fu+
                                                                                                                                                                                                                                                                                                                MD5:621B390B8AF0C70D682715323A92B61F
                                                                                                                                                                                                                                                                                                                SHA1:C34B2F2C91CD0786FEBBD26223D1CB096A87C1F4
                                                                                                                                                                                                                                                                                                                SHA-256:729B677BE93020DDEF1297869CA7378D3A102927294C634A1087D63F48FB8A79
                                                                                                                                                                                                                                                                                                                SHA-512:E55691ED5FBCEF7AA8330CABDA72E9D803E12784B661A42FFE3FF725FE663AEF62EED407FDC2269135437AB7AE047A6F0CCEAA90F2349073E554DD45C5F9D0BC
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):897122
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.928723053414015
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:CIPFaBsPG/d/RXZwRq4fvPU7XUUk/K58N0j+JzIQ4pF:CIvAAC5h+c
                                                                                                                                                                                                                                                                                                                MD5:3C8E3C5B1D029E9A01943DDBA053C37F
                                                                                                                                                                                                                                                                                                                SHA1:785EE0C46B11A19C80770F2B310057E59D90C2E1
                                                                                                                                                                                                                                                                                                                SHA-256:98CD654847FF28C0EE580A7374276EE5BD2A38DDE8F45ADFBACBD7917E4C026D
                                                                                                                                                                                                                                                                                                                SHA-512:DCA2FC0BE678BEBF047DBAA5A71C01AD57F9B463E3F80DBFABC0937BCFDCEEFC8AE84FD415C40D0B6B713FFF24CEBFB84373ECDDE3741F78265E082C5B9951D0
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):927865
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.686646990438899
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24576:4Tax7YKC3cquMMLYzzQkECPUwVbtbHp373ZL+3aAKHkVDYyKzumpod2nm5g0XuGq:W8C3cquMMLYUKUwVbtbHp373Zq3arkV8
                                                                                                                                                                                                                                                                                                                MD5:27C55B97D549BCF13145EC75F0A503CA
                                                                                                                                                                                                                                                                                                                SHA1:4D7BEC85366FBB602EB6FC02297FB402BD40B6BF
                                                                                                                                                                                                                                                                                                                SHA-256:F2EB47878B5D34589A2AFC2E74AB346003BF4D2C450230B9CFD084935BB54A4D
                                                                                                                                                                                                                                                                                                                SHA-512:CA3ABB2403B8A67A53F2156E11C361B137F45378737E39D45D5F77148FF3CD031E37DB9EA144B76749667CBA20698C2049E86CA5927475B1E22112751B9BDF3F
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1193463
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.299730648702171
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3072:o3d2APzZl1uPXdf826YBWviytaGHFGuzhr0Ylf14/QISydDbrK8VBbFKQg51lNDS:o3d3Fl18fPAtt1MFSydHrK8VBbG5llA
                                                                                                                                                                                                                                                                                                                MD5:7351AE61AE5884088AE68CE5BE0043D8
                                                                                                                                                                                                                                                                                                                SHA1:DBEEA5DA228F63A405548F0E6F82FBBB3D624058
                                                                                                                                                                                                                                                                                                                SHA-256:D367339A1AC5CE27E58AA03D33E567C06C02F4AC87DB26ACA5D8A3D915AAA01A
                                                                                                                                                                                                                                                                                                                SHA-512:85D5D0372C162DE8660B4A8A4EC493585C6C3D29F999F1734C319532DB572A13C91C87320BE139F9FFA957ADD52CDC36584226FAF5AFC39F8A82A2E9C146156B
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):573774
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.391859865204477
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:gQQL7QREpAp973K5PqF4N3Mw2juwHzejm0t3lvqbETX9/RSHhIsjcmlLEYuCJkdz:hb9zaBRnvWDMN8UpOO5k/mVb
                                                                                                                                                                                                                                                                                                                MD5:F6E50323E0C5A657EBDC2FE7285C15F6
                                                                                                                                                                                                                                                                                                                SHA1:944356D207A7962A81801BB76B0E2C5226FF7F1E
                                                                                                                                                                                                                                                                                                                SHA-256:DE474CF24B68B6D862C96B8057EDE3F53C6F63C46532E4988E9D1979B1CF59DA
                                                                                                                                                                                                                                                                                                                SHA-512:8BC4EA1E2EB03E0423A7C3008BF6001B904928B5B7D7E84D61469C8D8CDBD34E9A4FFFA900B7CBF4216FBA3A469D7A26AF9C22E618902C28044F426693B09EC7
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):583431
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.838398613999325
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:eV2UufpvPlAhTbe65aU8rwsiNOA3SzmPN:eV2UufpvNAhHh5aU8rvYOrzmPN
                                                                                                                                                                                                                                                                                                                MD5:7F1AD2897B210C4C25CFBDF0736F6809
                                                                                                                                                                                                                                                                                                                SHA1:62E0335A63BC9E2AE8A9826E08256B00E433D9F5
                                                                                                                                                                                                                                                                                                                SHA-256:E0826C8E2FE737307D09D808BC693A397E0F1E093AC249B24CEB48327685A4A4
                                                                                                                                                                                                                                                                                                                SHA-512:C656B1FF7FCD93B3AEF5FC9E91373D0588520546EAF6CB5E2F965FD66ED0D60E2C04FB22155723D6EFDFDB377EF98CD6420F9944C5B0FC4AE8DE14C830A05B15
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):530651
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.44607278354406
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:QnPhyMLsqSAzVWgss5sbse814eBjtwlRDdJwL2obEXZaFRQ5gk2rp/b3d4nTGqF5:WDgxsJjiT55g/r2Tpj
                                                                                                                                                                                                                                                                                                                MD5:9D6A98D53208092F687AD7BB3DBAED7D
                                                                                                                                                                                                                                                                                                                SHA1:161D0689CA85147B356167F98EAD84783E331986
                                                                                                                                                                                                                                                                                                                SHA-256:04BF402123BFA1C7E256A62A666C0488A42ACEB585C1A9A744341EBC6FDD9A7C
                                                                                                                                                                                                                                                                                                                SHA-512:B85832A3DBF5C97870683A655E2CB0F00C04DA4907644561894BB34DE9756334E60CAF75F0CB42E43692BF00C5EF3CFBE6D2E8F7802FFED8E6948757D2DE3E5A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):571551
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.489447532911186
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:if1WFbCgp1nHaxa03K7UpKD93g/ahmOC2GzV6wAXaOV5jbt5sRqJoUaM5QIBCAL:wQAgnp03K7Up4g/a01JE3t5yUfvBCAL
                                                                                                                                                                                                                                                                                                                MD5:851D55585CBC90143DD4C70EB4900574
                                                                                                                                                                                                                                                                                                                SHA1:DA5DBD04CFEFE63D1DB69D7C6E19DAC34F379C39
                                                                                                                                                                                                                                                                                                                SHA-256:DDBAFE037C6E7509650373D084BC0F198D3ABB7BFD93FAEDD5595F1B354EDC32
                                                                                                                                                                                                                                                                                                                SHA-512:B1718430F3540F2455E93A1F6C47E92D7FEA99A9943E8C585EBD4DD807B5A4C1172BBDC83D434EE806C5FC3875B60D7EBDEB933D1CDE6DB50DCED9C0DAAFCD04
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1016551
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.766567786580532
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24576:WStxYcxPdGgxh1hxFFiL9+YJXDsSaSmqHuuD2Np6P4j/MAVH8yeVd85tRDQr3egJ:TtxYcxPdGgxh1hxFFiL9+YJXDsSaSmqv
                                                                                                                                                                                                                                                                                                                MD5:F497F06BC0430F2FA1E2BFFC32E2B9C5
                                                                                                                                                                                                                                                                                                                SHA1:38141C3F85FD4A8FCF2A82B0DEB68BD93F062F60
                                                                                                                                                                                                                                                                                                                SHA-256:B3CB15115252BBF1363B7231ED32309C9E2E5B6EEEC1B2BBC2700A49A26E56D0
                                                                                                                                                                                                                                                                                                                SHA-512:C455DE6466A9FA535C685163A6B4540DC00EB51CC5565ADDFB0E124E3A29CD4AFEC7AB9DF7848C9D3A6C7F435E1CC761F74D8F162D8BC7378D086E96EFA2E705
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):459985
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.5152848417450615
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:HAeAGZgSZ+XKFELrqmjLCd3MP9ej7HXfaYISMv5n5CSEBcWRnFc:HjfZgseoEL5C3Ma7H6N5CSgc
                                                                                                                                                                                                                                                                                                                MD5:F8EEEBF6B363D8578D769AA05FED5BA7
                                                                                                                                                                                                                                                                                                                SHA1:12E8B6FE48CA49936769B766A9A13510D9569A20
                                                                                                                                                                                                                                                                                                                SHA-256:1F7D3BEACD2A55F3BF2D3571BEF1D05FA333FADD9E6CA141C2525B0678824CDD
                                                                                                                                                                                                                                                                                                                SHA-512:3AAE1B6881E50E88635336218D7C13ACF81687AD78FB902900746EB875D9DD29DBF83A1D51344DF617DD86E31BAAD04564460ECC48886308E742830412E8C71D
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):464664
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.505055040425703
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:V0BSJCCPeiISZuw3jcMP9eD3D9faYLbcNx5FSZngP/eXywB:8SJDPeDIjcMY3DzA5FSHywB
                                                                                                                                                                                                                                                                                                                MD5:4B6300C27E7575C32888C1F3364D5346
                                                                                                                                                                                                                                                                                                                SHA1:C5F5E1D3524ACC96FB4E18C08B02F54ABF83C3D4
                                                                                                                                                                                                                                                                                                                SHA-256:0945C89B16D4FEBA346E85E14792B772DCC6278F7DCA7FB099A6100C93E79740
                                                                                                                                                                                                                                                                                                                SHA-512:3F21B6F4A3E18755B355CE5F20384D549B3F723104A67C67AE521D2C4544AA3095FADA8855A0CC1A10E7C5BF3E8F55D061AB2DCEC210F76101A61D9484D4EE6F
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1031027
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.210875521790238
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24576:HmdiMRfFgJWHLboEFFRyYHiLNQTCvXTOnXv1x7S6a8wGi4ADjn1VtuYtP01+Z5zp:H/sm5z9v
                                                                                                                                                                                                                                                                                                                MD5:D5A14353A7FCC1F199F9234BD4551FF9
                                                                                                                                                                                                                                                                                                                SHA1:7476E2846B6C0D03338A074D7FE325BB468992FE
                                                                                                                                                                                                                                                                                                                SHA-256:E5CFEBD81831A65CA268866A8EEADB334F64FA3B0853BD550E5BB69724408FBC
                                                                                                                                                                                                                                                                                                                SHA-512:BCE4FB535509834EA32ACBA72FC22B76CE591F9B6C1C15207B023460F59E9BC6F65118F816A82D235E7F20E26BF822EA102C95B5DA71FCFF099D56215945BD27
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):560321
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.366866302767652
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:jjxzJ7FnfONzx0T8puYnKwoR5g6qLFYUudBm+u:nP8/pQj5g64F4Tu
                                                                                                                                                                                                                                                                                                                MD5:AAB525A7681AE93791B283205064E2B4
                                                                                                                                                                                                                                                                                                                SHA1:A021DBDCD3F269B77D7133F47B63906FFF794F76
                                                                                                                                                                                                                                                                                                                SHA-256:5EF4BB4558102F2E39669208BECE79FD5B474E0A87C8A1EED5BCD6B13DA6C6FA
                                                                                                                                                                                                                                                                                                                SHA-512:841CD903FCF716692FF1873EDAC4FEB5F8B907AFEC1D0DEBFABB39255A74B9B2096FAE3E562E95893DAC731EF46D07B12B6A441975042981CC88638B7673B435
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):559178
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.34611084339133
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:tMTZMKZuHswv12Jp/bNg86ip3+UxojFtnj45vzr700Iu96PZrk8jb:AZMKUGVVLpzojTnj45brY0sb
                                                                                                                                                                                                                                                                                                                MD5:078BD56804D26C26E9AA4F41BF6549F6
                                                                                                                                                                                                                                                                                                                SHA1:B1B575D34769F35CF28158BCB40C92264DECC551
                                                                                                                                                                                                                                                                                                                SHA-256:99389110A1497D3999E8CB5799A629A471D221E07C2818CEFEEDB1C95BF5A9F3
                                                                                                                                                                                                                                                                                                                SHA-512:4108B3BDED940A7D3939EE68DD489A4453391BAE548285867B81A50217C248280111853A1EB6838B6C079A01A74D11CEE61E7F441CBC6D7BA91F1DFAE3EE602F
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):509452
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.455817407928288
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:Z0izVKnUJ1HNRSUSx+DuM/Fb0WmFosQ4Eqsoh7Pwiw4dQH5ejnrlvCKMvaKWcEzn:vVKi7S65JmFosZtQH5ejJsW
                                                                                                                                                                                                                                                                                                                MD5:45E28E64378FABED845EB242A8F1563D
                                                                                                                                                                                                                                                                                                                SHA1:8FAA0651CA0D29596CA294DC448CB870D553C0FF
                                                                                                                                                                                                                                                                                                                SHA-256:68386C75B1E414B5F94E1AA5EB9A98A42B6298177FABB834A8B9E96E1EF70A2D
                                                                                                                                                                                                                                                                                                                SHA-512:3165EC45C2958C382832E4528D38966C28CA90C84777FD48D762FBD75F31FD52BD1B2C069BA4644504913219FAD5DDC08980F69DC67B9AB03D392AFC1321C339
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):825360
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.0557125829631335
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:24576:FqvG8u313uyqoT+s1qLpRmX1loT4RmdAQifaQ2XxFMJGk620dri1HMX9O9xdpxHk:Evpu55M
                                                                                                                                                                                                                                                                                                                MD5:A13029CB1D5873121E6BDD0929A6C772
                                                                                                                                                                                                                                                                                                                SHA1:7B88AE77DF959B8C01F5F00F2B0DFC30ED0A85EA
                                                                                                                                                                                                                                                                                                                SHA-256:2527D1821D08E43D2F1259A1F910AF986632B8AEF9257D2FC37BC285AF7EE217
                                                                                                                                                                                                                                                                                                                SHA-512:AF272D021316A71CF2A98126AF9CA993122B3B7B766C6D34003BCDC2FC5936BC4FAE95293B1D74FE35A0C81150D45E95ADABC4B34118974D214049FCDBEE74CA
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):517467
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.424845538875905
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:RKUtqd19KJOKu4ar5HZ7kfCHEpyWaZ7WYM:Ntq8S5HFHAl
                                                                                                                                                                                                                                                                                                                MD5:E7B72F44D711DECE8E3043173A553AC4
                                                                                                                                                                                                                                                                                                                SHA1:892424E4E011AAC47B068F9FD929B5E41BCCA525
                                                                                                                                                                                                                                                                                                                SHA-256:5F1A9DF87400AF56F748026F3BAAA41756A4C42FCE4791AABFE2087441689340
                                                                                                                                                                                                                                                                                                                SHA-512:A2907B8E12CCDD0FC5601C37F23CCD5556B4EAE18CB1833481D01B39B30EC643167B0C8295EC9EE8CE851B0C7968E83F9C47C6E1D4543A371A62485D1832835A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):584976
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.195604084490558
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:4ln56kcajNxYUC36tIQy7DQEuq2V8L0dnGNLmG5eXmi1YARFtK:KnAkcmqnxEG5omt
                                                                                                                                                                                                                                                                                                                MD5:F7F3CC17509AF03E639E983A091C2026
                                                                                                                                                                                                                                                                                                                SHA1:D36E61E50B5FA99BE2A3C3727AFEB142969C8308
                                                                                                                                                                                                                                                                                                                SHA-256:5D586C9BFA38452CDFB50BF5D2E9B98E68A8E7CC73E4D641D8FD6BB3E7EC5712
                                                                                                                                                                                                                                                                                                                SHA-512:5A2C037D0AFDC82A4ECA642F43CC10E0040B7F97BE9DA14A8F806970C1E07BEC9CD69AD816A91A41946F35FF7A760ACC65DF21F6CD9D365ACBBA345FF0C1FF70
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):606342
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.380118288987104
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:n2sEZLqUMDpDgEL6QuaMVWXKz05qlZQmZyMYnYtkL09ujzxRe5hxkJSW7v40wCJ/:zj2VIN5JL
                                                                                                                                                                                                                                                                                                                MD5:326917C8F37FE85E58AD3DE991D17A78
                                                                                                                                                                                                                                                                                                                SHA1:683ED0FB95F33DC2B095E774AD3DE84B0E4A63E3
                                                                                                                                                                                                                                                                                                                SHA-256:CFA45E5F86F70AE4D47D82BCEC6C245E618212E67CE8B7BF0A1BE0BE41C6E6E8
                                                                                                                                                                                                                                                                                                                SHA-512:3FDF2B1C8031A06D5140449E22861545CC80E1417A70558DB2ACAC25733AC156A0D7941B053A7CFFB2ED193BBE5E0CAE4F1F68437FA570C612BE606DD10ECAE1
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1177779
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.338116428198543
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3072:C3T12vbLPxCoYITYsRvc38ZUd02GHIwjAwREJKVMjNiT7llj63rhJXlPCKMi5eWt:dTbYITncQi02JCWJL5DAhc2T2
                                                                                                                                                                                                                                                                                                                MD5:D77AEE1AB6AF4FC83813A69D3CA61E46
                                                                                                                                                                                                                                                                                                                SHA1:C0786021AF8C8BBB083E9C4104B68BD28537893A
                                                                                                                                                                                                                                                                                                                SHA-256:5D5E20C5F0CA21D8F1824EEBE8E595FAD4D0E601B224F4433B355A21B643971F
                                                                                                                                                                                                                                                                                                                SHA-512:78C2589BC37594236D5B01C4C6C0CB934CF9CCAE15679159E1BCE64E3F5A3C903F9F7127D0DA8C317FD085A70EDFFDCAC413B4F2627BF14B862794B47BBA042A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):728589
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.658856122190603
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:W5SDjhr3FluYMy31frspm29Wqu/kQl4JACVXbfeQCajLn5l67co+oiNB05elmmdi:W5SdY5/oP
                                                                                                                                                                                                                                                                                                                MD5:04C846A7F65C1E95E49CFE69EC9EEB45
                                                                                                                                                                                                                                                                                                                SHA1:78142FD5545EE76B1F90FF5DF6FB7C01D797F3D1
                                                                                                                                                                                                                                                                                                                SHA-256:AFAFB0DADD253E7F665FCB0D9D562D243E32D774B6ABDF602B66734F310E689B
                                                                                                                                                                                                                                                                                                                SHA-512:029F45EE02DAD7D3431B223F5516937E34D685026488BA2DBF7C43FFDEDD1240FA119C349E4F5052CA3FDE109215D6D8813A43297A7E4EDB5D9B063192AC775A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1250127
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.3103395858193565
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3072:AubcffOrA0yUdRSM7vyWYfbXpgTMoV/BB0ZV1d1AuxXRLiW3Jk1eTByntDPtDl+U:AuAf2E0yjUv3MlgTMJem05f5xhbv
                                                                                                                                                                                                                                                                                                                MD5:114BBD0D21C90DDFCE1D6E26432B7B9C
                                                                                                                                                                                                                                                                                                                SHA1:EBFC476B4D742D9FDF5D0E78996748497EB0B4FF
                                                                                                                                                                                                                                                                                                                SHA-256:E2321752811548A92EF069E53ABE349CAA93BE5596A2579DDE65391EE7CF915B
                                                                                                                                                                                                                                                                                                                SHA-512:6195FC185F8297CA1C38B79339F86F0788B342A90B0E98F1ED5883CBE61725000B1653E911EB749351BB74802B8E75199DCF0C95D903A4422755E809A6A1814D
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):562949
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.503469092776888
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:3072:5pEDgLd6TlZ/9yZuYUapEXgaBV08L7SkK7D+wwWrDfB+uhAxqOSAq6+xMcwd0uPJ:HEDjTMzU0EV7xHwPBhbKBc5ag7yIjR/K
                                                                                                                                                                                                                                                                                                                MD5:54308E58D399D0F1C4E66A4A4B6E3B59
                                                                                                                                                                                                                                                                                                                SHA1:8DFCE74D45801654531C78E34CF6A6C2E4BA5556
                                                                                                                                                                                                                                                                                                                SHA-256:8141D126CD8ED7CD29B998E4A778E81AEC043BC126B5D2B0FB62F95C5FBF1F62
                                                                                                                                                                                                                                                                                                                SHA-512:33C74ACE0F430D2E7963512075007DCA70ADCDD43FCE31A27F925351CEB00CFECE329EC5E9B60DACFF7E28DA322FC9CEFF3FCD9AE3A7BB6655400F1A580C3EA2
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):605952
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.638270541961174
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:n0L6iTfLsgtbgq0LcP9wHs8DfcAujkatvV5RvBFZfpduYG3b7ZNIeHK9njDi59Rj:iTfrtcFQA0V5RvBn0zzKY5u0vv
                                                                                                                                                                                                                                                                                                                MD5:B7AA52653BBABCC713A03067E6FCFCC3
                                                                                                                                                                                                                                                                                                                SHA1:B18CC0B968C4C0F156E33F5C493E6C09760161DD
                                                                                                                                                                                                                                                                                                                SHA-256:244BE241E2FD68882ADB0C1A1C4AE93B1406AE22CCC14BCB37FC09FE3C2831A5
                                                                                                                                                                                                                                                                                                                SHA-512:CB393247F79F1A6CDD685AD9729D0C7FD3BFADB5591CD822A4F92BA19448E50C148517DC0DDC14C37243CC0145A5AB17D27C45CCEBDCCB76CEC70C1B444D07C0
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):500354
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.374540321275158
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:HDTG/Veh932Bmcwf/yG+wFZf+MVnjHF3mmi8IxZ5GZhWwkK5cTSzo7IEji4JHw:HHG8h94sXyMFTVnjHFWmNIb5GZhow
                                                                                                                                                                                                                                                                                                                MD5:0EFA0011CE0365AE4AFC08753F559098
                                                                                                                                                                                                                                                                                                                SHA1:6AFC5115DFC222F0F2B2265A591B571803787DCA
                                                                                                                                                                                                                                                                                                                SHA-256:A780C4E8E48CBDF2064CFF3E9E025103739B3763E3B82DDD99C97DFFF8FB1CE2
                                                                                                                                                                                                                                                                                                                SHA-512:21C34901F5260606F14FE0E004851AF4DFA6960C28872417FB995ADAC4B2652609D9C0F5F30C0F76F4287217ADCDC0ACF1545CBD4E5A6F4B15565668840BCB75
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):558299
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.272942823509238
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:qrF11tFO6w7oWhI7xO2/IJ/jNLiISIqRRRsO1StiRT9TjexKqcQxLcaPpzHi9fLN:u1tFFehoXFZxR8g26sjoh59koF
                                                                                                                                                                                                                                                                                                                MD5:12FFE0FC0BE1B4134F219BD3B6D8F550
                                                                                                                                                                                                                                                                                                                SHA1:DC14159AEA6643FEED260C3E3EB9BF4286FFFD9C
                                                                                                                                                                                                                                                                                                                SHA-256:4FFAADC42BB0F78B78061EEC23B39BEBF34BA3B9B4F2CD0415FD3C94B2C828D3
                                                                                                                                                                                                                                                                                                                SHA-512:423EB3AA074617C8FB64EA909CF860C8706B73B5CBC97D85D21E9298DC53CF9451DECCB1DE45B19377E8E2461D78282D587264340BCE8F487AD48B0DDEE55123
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):677279
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.7261443457831875
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:5mNTLdjIcq5eHWv0WSGRBZ6Q2T+NbX5+Fo1Vi:5mNTxqe2ccBZ6Q2T+h5+FF
                                                                                                                                                                                                                                                                                                                MD5:A92DA679A63FB99BB5F3BCF829168D21
                                                                                                                                                                                                                                                                                                                SHA1:F15AA9BA6A952490DD881C82DED179FE03E50E80
                                                                                                                                                                                                                                                                                                                SHA-256:F78FEB7523A3B4C795AC02EB66FD455B0F490257549D681B7AA07255E99AB9D9
                                                                                                                                                                                                                                                                                                                SHA-512:3055528033206B6F32371A1BA05633614C0A3A9AF4FE2326FA3E6689BF535D5D540D926E08963FB668B02EEFF216DC2ECABED035C821C83E5D96CD2ED1531835
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1341496
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.250874916501427
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:v/9cYunn57Dz6f03QIBR0UInI7L5IazUG4pt+h9lcQ:nCYu5i25PUS
                                                                                                                                                                                                                                                                                                                MD5:F13C1631BB1E180C07CB10C5142CEC74
                                                                                                                                                                                                                                                                                                                SHA1:BD3B971893D3CE2206EDD040ED0EAB9BA010BD18
                                                                                                                                                                                                                                                                                                                SHA-256:3A63D9B5BDECE8442ACA6971771A660BCEAE995CA96394FA88B024FEF3C93BF7
                                                                                                                                                                                                                                                                                                                SHA-512:9122A55CE0E09ADAFE0162337B518228441D9A852E68761BFB62B656415F25386B3DB41279699F8035BE3BB3EA003FCBA91B5D5FC6EC538EF79E9486A488280A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):569413
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.084713993678112
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:OA7Ny//OV2Ngi7QFIyjxMSVG0GTin8t8OQ4E3hvaYrSCqD5tEp7YqGT8U13Xq7hy:OA7Ny/oZO5L8frCT
                                                                                                                                                                                                                                                                                                                MD5:E8448C3D352C76C1C0F2B9F508852D9A
                                                                                                                                                                                                                                                                                                                SHA1:2B7FE9F0A49FE3428E467A4214D0E7EC79CF7B52
                                                                                                                                                                                                                                                                                                                SHA-256:30D515F2E086A7773DD3C7B5E6504729B6D91D9FA7174C3226EB3553F900BBF2
                                                                                                                                                                                                                                                                                                                SHA-512:AE4144323E7EB2C2C97F336EE144C0C739CB5500F7FF382469CB4CE33DBAE35078EACD85F50381912C9D4367DFC9CBCB6C7C7BCE8314A0351B14F950A2209184
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):611429
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.6299671018290445
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:QQtetgAZbMAUbgO9aG1DT/G57szII1JgNf6SMM:QDgiMQzOG55IngN/
                                                                                                                                                                                                                                                                                                                MD5:F6F5B593C91B7820C9552FFDDFAC03FC
                                                                                                                                                                                                                                                                                                                SHA1:D771AC14A49C7654043D0AE2DC52239BF4636F65
                                                                                                                                                                                                                                                                                                                SHA-256:FFE7EAC4BC39085977C28BF8BA0060B9A12471C3914A30DF1C46305926242BB6
                                                                                                                                                                                                                                                                                                                SHA-512:45D3580D456F6972259055BFFEDE8745C922DFE2703BCF3A545E73211164E3CA594A56330A2A17EC373AB060C05A7776D88DFBAB5014081948A5F89A849F793C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):610750
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.626685122127425
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:IbsBLMwr28cTB6aTmNstVFpM6Y97vccj/kbO153ySAbEwT4757esFOHAYXSIENAs:FL8PXVY9rrV15SEwTW5tOmAhm
                                                                                                                                                                                                                                                                                                                MD5:8D8244CEA7D00E7502CFC62908147BB7
                                                                                                                                                                                                                                                                                                                SHA1:2ECF5C264208555EC5BD4530544CC0AEE99F558F
                                                                                                                                                                                                                                                                                                                SHA-256:C9722A6B132E9EF5BCA53565BCBC2CB3C40CB8954F2286250AD15FAFC0D2DCC1
                                                                                                                                                                                                                                                                                                                SHA-512:B5B98ADE8D7EA25477D12CBEB6B1F07FEC5625583B8CC695755195B1EEF0D380C72AE4609955D230B4FD6109AA6B778421E7EAE9D7086FEC03CFF93C93D91791
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1394062
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.285571867304228
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:MYNjRdBR8QA2cMmsbbAx4LJxFq/ixn9mMy6UQ6KfUBp/AZCBEmeyo3ewhp5O47uW:RZRltMTKfUBpUyo3eo5O47xs4+3e
                                                                                                                                                                                                                                                                                                                MD5:979090995F7F9DBFA9FA9A96349DA745
                                                                                                                                                                                                                                                                                                                SHA1:6D9425EB6D3FF6B433A2FFD89DFFB3AEDCDE3588
                                                                                                                                                                                                                                                                                                                SHA-256:C27AC1727F3A3A25ABED09CBF07DA604DD1C42A1855851E63DFCDC9831091EDD
                                                                                                                                                                                                                                                                                                                SHA-512:4D734D7903DD4C39A2392EDA7B6A65929E61FE105ED843718D5CAF8D93DA9FF14A8908B896425335FCE9CA5AE717C29C80E7D85A2A6B80DF9F4FAC8F7A558F38
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1147816
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.319695697825778
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:p+xh0ke1h+Fnhb0paSpgKZmTDAyyLj5QpYGde:p+TUA0paSppZ+Ayyf5QpYGde
                                                                                                                                                                                                                                                                                                                MD5:7862ABEC5008FAC0A8924B65B3058C05
                                                                                                                                                                                                                                                                                                                SHA1:BC6A3F405835E3F3290CB521CA2A9AC85EAECDC4
                                                                                                                                                                                                                                                                                                                SHA-256:44056C45DE472FF1A5037FC24CC2417218CF4FA500B6A7158BD8AA221268B69F
                                                                                                                                                                                                                                                                                                                SHA-512:C91A1DCC08EAECF7F99B37684E02F3F89D18DBAF24B2BF3849CE78965A38E8A995ABBA03C0F8F20420AA15519439F0C662165BAA6A31BFE3CF994AA51F67C8F8
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):524044
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.251286724342732
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:SgRSValNdUMLjehAr7nQjBx7+27fldjiMIUcGm95AIHxOMVLLEWVHs:SOSmu0jeAnEx7BldPc95n0Mu
                                                                                                                                                                                                                                                                                                                MD5:5EE8AEFF66C42600D73F9CB7D8366CCE
                                                                                                                                                                                                                                                                                                                SHA1:DAB706F52B7F6099286D659EFC24ADBAD9F5A4F2
                                                                                                                                                                                                                                                                                                                SHA-256:A87B9926FBC7C17D884ABE1D8E4B81335476B00FFE76196E38AF8542E2D7881D
                                                                                                                                                                                                                                                                                                                SHA-512:96145B505C3726878162EF4AE328F08888F1CBCF3C3D8AADFCE4E72398651D1B120C4D219176E107F99BD682D968D3C8F02AA8BF600007033AAC07064127A8EA
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):508553
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.428763068409714
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:h63MVtpURb8w5Op7fQ9S8GNxRV5/n4FJFEWt:h63MVXUa65GNxRV5f4jFP
                                                                                                                                                                                                                                                                                                                MD5:40B668B73BBF3575D009F3D528D388E5
                                                                                                                                                                                                                                                                                                                SHA1:E7186E4796216615F388C8A8058D898C4913F2FD
                                                                                                                                                                                                                                                                                                                SHA-256:8813FA272B1A12042C75B97848605C8DA7D306AC7AAA4F231D41EE98D9E70538
                                                                                                                                                                                                                                                                                                                SHA-512:8858E78493FBDBE1B2B99BCE75DAAC585F40EEA2612D80D82850F7957F0EF69C3A1F3DC7C011427CB1E64CD667031DEBD3B3D160BB9C2146224377A99B74798A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):525362
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.366124885898627
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:TZpCbai+lbWusvbgQ5Pax5ttonxEGp7KY8OTy:3Cmi+lbWusB5Pax5tenxEGp7KYH2
                                                                                                                                                                                                                                                                                                                MD5:6E38F51EBC9B4AF616C984ACFEF7323E
                                                                                                                                                                                                                                                                                                                SHA1:1D871E09B051CDF1429FBB68FC43B7631DAD9438
                                                                                                                                                                                                                                                                                                                SHA-256:E3ED1D14209965FACA5AC6A2B4026A4A28D21F5096E0C44943E731279190D540
                                                                                                                                                                                                                                                                                                                SHA-512:4124F5ED6E9AC7701837AAE5458DB96DF8303FFF05ECBAB40D938CF0FDE3C5F2F696D07F0BE2227040A14336D2701F8A76342550419630F51C073070DC705492
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):587942
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.759897632158159
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:l2o5czDWoOB/kbwvGfQfR6HAEbFVP+CUdCe3mUUFMAmW1Qh4Mh5vJ14scsy:woGYabMe1Qhz5cR
                                                                                                                                                                                                                                                                                                                MD5:2D6468A89698A05B8522F679825572D3
                                                                                                                                                                                                                                                                                                                SHA1:52EC81BC896051ED8A865B44C58F82EABA6B89B9
                                                                                                                                                                                                                                                                                                                SHA-256:477E505459C80A8477FA6EF1B8A0FAF16C5E450B69CF922C37BBE020A088E695
                                                                                                                                                                                                                                                                                                                SHA-512:59A95F05D071C739D4DC1456B856D0283AD3D99AC35EC300EC38E76AB236BA6D6E83598D0823D46C07D62EE0457F2958C682F4EFA3EADB824A254F48387EC538
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):551569
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.417670979179483
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:fl4UKe4ouC2NBXBL1WkoyVH5gcJBM90sRaY5K/:WzeRf+5TJ/sR15G
                                                                                                                                                                                                                                                                                                                MD5:FBD585195E35E49C60A9190FBF815E86
                                                                                                                                                                                                                                                                                                                SHA1:F88FE564784D0441A304A4B126DE27FB2B0412EE
                                                                                                                                                                                                                                                                                                                SHA-256:ED647E78BC3E89A6322A7198DD1875034AC3CDA355BA6837EA0D4686D56712CD
                                                                                                                                                                                                                                                                                                                SHA-512:22596E824D2226C8E0773F323FDDCB1A0C7523EE2077C38205EDB5B11EF15DE3C5768B8C598A781BDC49BE91C3B1B22BA92C3DA5E0BE6ACB5DF42670487E68E0
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):555353
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.392038775374042
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:B2lInvsb1Nq9rX7YZieJVJJxhQ3shYfVh85IKlbSRDF:EAvsb3qdXj85IK1SRB
                                                                                                                                                                                                                                                                                                                MD5:C64146716C2A401FEC538E4C79785144
                                                                                                                                                                                                                                                                                                                SHA1:3C5D0B45225A39A65C0345E5C98A4E539D807FE1
                                                                                                                                                                                                                                                                                                                SHA-256:904189CAAEF1E278EE31432F8995BFC150975250FA355683E1CEF1B5C79D3BF3
                                                                                                                                                                                                                                                                                                                SHA-512:CE8336F4C83E47779169B3F875D8910F7C30CF7BCA2CF77C398C37E32FDC8C01A43B5EF74CFD03C3ABE8E3979454EBB1396CEA7449640025423D2B1F565A5C0C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):574388
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.451836104471441
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:NTIexSy0/AfWKXEjvyJe/FoMxOINkjK0yGZq5BZyo2cs2V/qE53:NTIeTOKXEuJUFoyO/u0zq5BAor/d3
                                                                                                                                                                                                                                                                                                                MD5:C613CAB2C2D6AC5B88E21FCB65671F19
                                                                                                                                                                                                                                                                                                                SHA1:291D545427FEAF8DA9DD75679ADA1BB70C66EB47
                                                                                                                                                                                                                                                                                                                SHA-256:8EDD01CC74EB965CFA4CB35249097D114F554B8D80883D7C7E335A857F33A810
                                                                                                                                                                                                                                                                                                                SHA-512:1E826936C1636F7D5DA9870DD362984E2DEDB8F3BFFE3F64D8615BC955F4A1C2E988E7FB60387743949C200DF073FBB7B27DC3B6A66BA9D7950571CA2DD2FE57
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):941599
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.851052751447414
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:tqeL4fQjRo4Y+5NMx/K69zJ9ZFdAal2a4qSGsN9z/0TYH8eXN2hVO3j/tSbzvMBS:tKgk5b6tS
                                                                                                                                                                                                                                                                                                                MD5:36D9CBBB31930EB5B78378EC63751BE6
                                                                                                                                                                                                                                                                                                                SHA1:5D123C38941CC4E59570254909291B29970F0CE1
                                                                                                                                                                                                                                                                                                                SHA-256:DE90BA6507DC032C853FC61BDBF9218A29FF70379B571B1F4F3D7A28C3902479
                                                                                                                                                                                                                                                                                                                SHA-512:EACCC7FBDF3E9D9C9EB1A602C1BF17C8BAFC920EBD058C4D2C496B95BB1B3FABCDFC87D1747BFD8CD404DE75C887038A99717BE7960BC808B632039EC9F80A06
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):592404
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.807054231111397
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:phWgwEC/qsIkBr7iIip+RC5y+dbLxrQzLPxt9eH:zWR/qsx7iCC5NLaBtEH
                                                                                                                                                                                                                                                                                                                MD5:59822645439846B0A211C8566E7CF90E
                                                                                                                                                                                                                                                                                                                SHA1:F4EDAE1B34DF718FD72EBEBD6DC9E36CFEF95584
                                                                                                                                                                                                                                                                                                                SHA-256:60319C30E94770472017E83ED0309A8F134F0D60E38261F53517EA23E9658C09
                                                                                                                                                                                                                                                                                                                SHA-512:E2A7295BBFD5E721C765F90FAE0AD1420902A916E837E1B0BD564BB9EB553908EADEA58739F21D75C9F38CD3D1E821DCF14545884462FAA3F70617AFC764B84A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):568760
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4785168337779435
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:1Hr7a+NC5qB2r+JpEE5U8c2JHvbxi/fz8lqc:1L+UC5fyEE5U8cAi/fz87
                                                                                                                                                                                                                                                                                                                MD5:970F310ACBAFA4A29E0CFA5C979DF397
                                                                                                                                                                                                                                                                                                                SHA1:B1C20EEFC61785C3CBAF7D6D3B5FD2B144CC1EF5
                                                                                                                                                                                                                                                                                                                SHA-256:B4EFD0CE0957A00E2E617A3E595B471ADFDFBDEE333C14BA41B8DC8BB5653324
                                                                                                                                                                                                                                                                                                                SHA-512:D1DF03814C42819F94A7CF3FA54D699AC8A844C69303CEAED97BA3D3512406161F011120395904B473EACA29D8959B9A14C85D90A880508611E80A46B9D97575
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):872667
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.788135484665425
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:i5s/IU2p79qWYZAYI8dlSDdrPuzQhrUPb7FW5fZPT0xT7xH47L37SjeUM/k/3:IsZhYIlW5exxB
                                                                                                                                                                                                                                                                                                                MD5:5E439D9D281D90569CD4AA231FC8B287
                                                                                                                                                                                                                                                                                                                SHA1:AA8D4E28770F430DD7F93E2B9879748A97C74FB0
                                                                                                                                                                                                                                                                                                                SHA-256:9082215832960416F3E6B43D2F76869A8632506BFE3A806A1B46C858B1370806
                                                                                                                                                                                                                                                                                                                SHA-512:C9491A35C082B1BB7C08B732D6F07DBFFA5BB955988141D3C56D3F482D9FA74763EB196AA7F37445808163AB790A0B23091C06F81EBACB94BD164DC72B01A71C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):512705
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.538975019723545
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:UoQDiRIZXEr1COYNcNUAvSrZxkmvZl1HI4RFcz9RyoxGOGW3IiRMaSOmDE/xWcqX:DQDRZXllNcGrjr5O57ze
                                                                                                                                                                                                                                                                                                                MD5:D31FED9E04F8915045F6A2CC7BD4C9FE
                                                                                                                                                                                                                                                                                                                SHA1:8C68186DC5463D4E45889E8DE021536110B09453
                                                                                                                                                                                                                                                                                                                SHA-256:931598B71AD77874A64294614BA73B426A717F343674FCEB7BAEE227D4413B9D
                                                                                                                                                                                                                                                                                                                SHA-512:3C9D2F8F655006722AC5B08E8575EDAC9CCE21061B3A8696B8E772734A12BBFE04C53838DEC475887DBC82501E90A8799ACE71DC49BA05CF766037D001852493
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):539452
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.338235032300934
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:pGnHmfiscrB5G7CCRdCAUQbQW4243xaKFNUq89F1ggt45JUAcwg6yJMkJPe/Bmqa:pSoo5GH
                                                                                                                                                                                                                                                                                                                MD5:F0314E8F5AF94C845AB4218468AF3454
                                                                                                                                                                                                                                                                                                                SHA1:4ABFA3D5D114AE89CB449F83C1267DA3DB0EF8BE
                                                                                                                                                                                                                                                                                                                SHA-256:0CE0651A673A250FA86E6A9DF4EC490C832F045E07617343F015599687AA84E8
                                                                                                                                                                                                                                                                                                                SHA-512:11E6CA00ACD7D65495F7C04BA5E558DAAD835C48BD230F616DE62954B9E10FC45E816E049E1ADB858B29D335DA08808B560F04C8A6AED83B62ED722F1968C08F
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1387366
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.061553280377292
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:cyu/keC6jicF5ZzVtR6cA25tm1vYpiMyg:Yj9F5ZzUcA25tm1vYpiMyg
                                                                                                                                                                                                                                                                                                                MD5:4411E4698E279FB95ADEA7BE9625F800
                                                                                                                                                                                                                                                                                                                SHA1:A3C655D334442CF5EF106B92F9778C9B3FBC252A
                                                                                                                                                                                                                                                                                                                SHA-256:BEABEEA92C3FB9C52C22BADD99D686F1690E3574C75CD7A886320FB2CAC53D92
                                                                                                                                                                                                                                                                                                                SHA-512:4406ADF5F7BEB86A49695FFF0A3E92E108AC2EE4DAAE46821C74164018FBD72E6D1DDA7C3B689B30A1F19C17B13B0C1BF0537C966ABE88137A0135D04483BF41
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1281329
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.31693967998977
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:lGfZBWX7McKNsC1ot59d4e/gb0HrWs05Bk3p1FZNViFlJ2wtg+NFqhrOlHXAAFwG:cxBWVZd57MkC
                                                                                                                                                                                                                                                                                                                MD5:443D47F30632512C7E5A6E142D2A3CA3
                                                                                                                                                                                                                                                                                                                SHA1:98730D4194266544C204E11E30C1817A5C8DFAE6
                                                                                                                                                                                                                                                                                                                SHA-256:12267195833FF2F15F99947478C75EEB18923EB125AAF7118A0F398045636E33
                                                                                                                                                                                                                                                                                                                SHA-512:34A02D50B300E8283A896BA492277FB6D2C16BFEEF88B30344C803D060DC50FA638BECA10F5113EBFE23D6E5882D82D072303112008FA721FF20EA087385C71C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1076392
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.3678914271676845
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:lk8N9LyZYAST4z1L/L1XPVLsbhRy1cW+v1H5UJEyL3ftj8wlz9eTRo98GkK9uLAR:lip5h5F
                                                                                                                                                                                                                                                                                                                MD5:ABFAD720A09628E229EE75C14DCC1DEE
                                                                                                                                                                                                                                                                                                                SHA1:80A075F9714D4C3BAFF06E1935B304558C3D597E
                                                                                                                                                                                                                                                                                                                SHA-256:0C8332F2C81038A69282A049FD59EC76F2370F329F9AEFF9A54AE1B0AB83AFB1
                                                                                                                                                                                                                                                                                                                SHA-512:D43A39699ED5F0E55A4491B726B44CF6238C9FB69C919F5DBFFBF6627221C524737115AC4FF604A1B6208AF7CAD52192CE896A6C57EEBE3A9BB721F9EC57ADBD
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):550618
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.609493488679069
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:cHODNEWFOVqzdRdiZmqDhz0yqxv8CcHuki4wge75HX/2+1i1nEedGAMYw/KOe67:4OyqFCmG4zkiN5HX//
                                                                                                                                                                                                                                                                                                                MD5:CE85F55613C69479E13D011F0B81E3F1
                                                                                                                                                                                                                                                                                                                SHA1:07C31DF75DEECEC1BC09FFCD473B885EF0467B42
                                                                                                                                                                                                                                                                                                                SHA-256:EEA13AECCB9DC35CF6E5135BCAB2F376D584CDEFC4B2970ED1126F8C2043AFCC
                                                                                                                                                                                                                                                                                                                SHA-512:3A6C6015003A09295AB4CA7BBBC421F281E3A8719C56EF9D0BB4448413656778DA7C70D7F67FCBED7051E562027CBD7BCEA84596E48AADA64193AF448002120C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):938457
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.888192308730272
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:iqzRMYWYPnfzKj0meRi8ICN5ZB3IjMAlLEXdcuKLNiXEqqbQuKz+4uL2uoj:/uSz58E3
                                                                                                                                                                                                                                                                                                                MD5:E72DBF8C00F7C211D1A220DB30EC7A7E
                                                                                                                                                                                                                                                                                                                SHA1:8F891C83E0FBAA78A8267CF5B54462BD64DE9C6F
                                                                                                                                                                                                                                                                                                                SHA-256:B1892427972D0454F8B85AF85DCC074393FFBCB2381EA91EFB2E85EB03FF2A04
                                                                                                                                                                                                                                                                                                                SHA-512:D1F3E5DBC50B14FEADFC30999C89DB1A0431E4758EE82CF18DA81F991CDF76C3298FD98D3CB3E2AB902A11C8A7E11C6D7645E1ED91ED5F3280A4420C1FB793D0
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):817673
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.177156515939135
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:C7a3H/NvV+8PomRMD2nyBO3QU5ANJhEFZWPOEojYzQYrNwadcJKwU8ueco/9Njjk:Vvvt5LWp
                                                                                                                                                                                                                                                                                                                MD5:3129155651C81F86E5E2794B0CD15EC7
                                                                                                                                                                                                                                                                                                                SHA1:FB3D6C2156E1230C099B02171F3E9100FBE542A8
                                                                                                                                                                                                                                                                                                                SHA-256:67B353376ECC45F0271CB2526B96AEB681F717968C35397F7E53AA43D3D31D08
                                                                                                                                                                                                                                                                                                                SHA-512:31831DEAD97B53E600317091DC08807D1D040A1FC27753CCEB4104A865583C79E1EC68FE6AB644819EF49F262981ADB6EF38D67CB53CB3FDDD43271780FEFCEB
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):651358
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.790776889845594
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:BhaQjDW+cuwJ/roEKaaFoGnXy0bxcPdH9+vUx5WY8hZq94KibJziMHo6wtk1e:B0d+cuwJ/7a3ni0be35N8vq1ibliMI6U
                                                                                                                                                                                                                                                                                                                MD5:5910DEDFBC84629690DD59478E80B51A
                                                                                                                                                                                                                                                                                                                SHA1:AF6E9281C779E40ACF1A8A1EABB1AA926AB85F85
                                                                                                                                                                                                                                                                                                                SHA-256:0832B96542456367261A215719ACDCC394A027C04A4F0C313F9401D6B222F756
                                                                                                                                                                                                                                                                                                                SHA-512:1BD32EFA3D034442D85D2478EFA8180E11126E80F03097B813CCFD4521039E186342CC9EFAA47809DB9852ADA3541B76E668D43C7A427D2410DAB6C0A1BA1B2C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):472125
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.686635546459109
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:y3OYfu048lFDezkK7/56jOIydpD65imqjNnEwYHB074lK:y3hfu0HjyzX56jOIyz65rcNnEwmBK
                                                                                                                                                                                                                                                                                                                MD5:79D8DDFE89B3B2B37BBBF85AFD6E6D67
                                                                                                                                                                                                                                                                                                                SHA1:0D0316D3D1DA0D13D2C568F0FAB9116996998C7C
                                                                                                                                                                                                                                                                                                                SHA-256:ABBF9199B7751AD09750361E2EE861876EE44D65020B7D1255C45DFF911BCF89
                                                                                                                                                                                                                                                                                                                SHA-512:5F6B736B835DF71BA67906710BF86CDEB37542642CC03FFE6CC73557C2BE35CE99C5838739B160D26545D7A55E4263DEE7E55E942307F7D8657E3E8FAFDE5114
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1051021
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.4211132061857965
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:SDb4GbP8IrxcFMOCGHo2QZIZ40P7usnnR6yTgkXb2X:dTgkXO
                                                                                                                                                                                                                                                                                                                MD5:82D7AB0FF6C34DB264FD6778818F42B1
                                                                                                                                                                                                                                                                                                                SHA1:EB508BD01721BA67F7DAAD55BA8E7ACDB0A096EB
                                                                                                                                                                                                                                                                                                                SHA-256:E84331E84CD61D8BDACC574D5186FB259C00467513AA3F2090406330F68A45DB
                                                                                                                                                                                                                                                                                                                SHA-512:176458B03CC2B2D3711965CD277531E002AE55D284B6C9178D2353E268F882430235468E5A1E9E45C8427864D109CF30A024A993B4763A75FA2744F6E0A6AE2A
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):469061
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.698957808032297
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:6144:bSSfomw9A7NuQRFcjArmJflGj2DuUasg5b57jkzrMOZQyZV7zeHk2Tt:bSSf5wG7NuFjA0xasg5b57jkzbr/7m1
                                                                                                                                                                                                                                                                                                                MD5:687995F645CB9169DBFC3431E8FCFE3B
                                                                                                                                                                                                                                                                                                                SHA1:D6931394363D7C479791B32C8AD268786FFCE8AF
                                                                                                                                                                                                                                                                                                                SHA-256:35A0323EB90FA53859961F832BCB66C391F53E6449722F6FDC136D92484C47C9
                                                                                                                                                                                                                                                                                                                SHA-512:FAAAD1CE95650FA67AA7E86F2453DEDC70C6E206BB15DBA4E824BB0D540D884A09A75A48A9E36FEEB83B75232258B7431B1F3DF53A824FA322B3C4E87BEABA14
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):18401792
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.484724602010289
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:196608:UFhL+fUAW3m8p73KQ/ZxCSIK7Z5JG1xC/e:UFp+fUAW3m8pDKQ/ZxChK7Z5cjC
                                                                                                                                                                                                                                                                                                                MD5:6A067CB26AF2C240C240BC81C4A4F311
                                                                                                                                                                                                                                                                                                                SHA1:CFB1A89616DC14830EB073F4CD84AC4EB14B4534
                                                                                                                                                                                                                                                                                                                SHA-256:C1E6EF50932D0CD9EDF8FF4C663CFCCA358F2E2D5349B3B7904E4D4D8F6D8882
                                                                                                                                                                                                                                                                                                                SHA-512:25520B39C834BAAC056958C22EBA1B2317B0D7967F351C66BA6177FB9FFC3FD4B6C0E8489CFBD8B2E477854F75163856F23775BAE6B8A0721048FD961E276BAD
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Bx.e.........." ................L.........................................B...........`..............................................#...2..,.... A.......;..n...........0A.\t..|...........................(.......8............P...............................text............................... ..`.rdata....... ......................@..@.data...@9*..@......................@....pdata...n....;..p..................@..@.gxfg.........?......V..............@..@.retplne......@......F...................tls....a.....@......H..............@....voltbl.......A......J.................._RDATA........A......L..............@..@.rsrc........ A......N..............@..@.reloc..\t...0A..v...T..............@..B................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1162240
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.551791881008996
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:12288:ouraOSnSamNJMd26Fpz2vWISMtjK+N4cpfATBp5j2Iv8oia7gPhI+nkMoe8r8WJW:ouWJSap2spQ9tXATBT6IQa7S18oW4
                                                                                                                                                                                                                                                                                                                MD5:EDF83410995BEA188731EF377334ED7B
                                                                                                                                                                                                                                                                                                                SHA1:B12C8925409701725749A9EBCC9D6CBFDB0122DD
                                                                                                                                                                                                                                                                                                                SHA-256:B464548564A8B97682560630127AA447D25FE692F887A4822A36B2EF8F250E97
                                                                                                                                                                                                                                                                                                                SHA-512:A14B61223B0D2E1A7389934559EEC5279A1C2B0C713B0FDAA08F4F979A3B37D8BADED355B42AEF5FEA13A254AF177F5EB152C6C009985F3294C5097035907EE2
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........."............................@..........................................`.............................................\...t........p.......P..................................................(...0...8...........0................................text...F........................... ..`.rdata..............................@..@.data...........@..................@....pdata.......P......................@..@.gxfg....,...........`..............@..@.retplne.................................tls......... ......................@....voltbl.F....0..........................CPADinfo8....@......................@..._RDATA.......P......................@..@malloc_h0....`...................... ..`.rsrc........p......................@..@.reloc..............................@..B................................................................................................
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):196713984
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.709853681888895
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:1572864:T671igPCQDu9VieLAbOP1nmnq/lbL7IKJciUtkMHs5sx1qqV88:eJiDS610scieJq1
                                                                                                                                                                                                                                                                                                                MD5:0B9A2D445F28B403D525380817A2636E
                                                                                                                                                                                                                                                                                                                SHA1:E4BECC1533A42871BA87A06D039D3477ABE4F79A
                                                                                                                                                                                                                                                                                                                SHA-256:264773127DEA00204A3A52BAE4A4510D610292FDD759B7EAF40BD1B59AD88C6B
                                                                                                                                                                                                                                                                                                                SHA-512:45BF3DC8C1B118AE26B6A4436591D1B15B339BC6BD8E69E112F0F6ADDB834B0CFD8958AC63BFC712C4A7D9C365FC6944AB80F0D61765170ADF67B5535DEE12E1
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........." .........`...... S....................................................`A........................................G.-..!..../.|.......p.....R..B^..............T...i .8................... b .(...@..8............./......U-.`....................text..."........................... ..`.rdata..X.... ......................@..@.data... .... 4.......4.............@....pdata...B^...R..D^...>.............@..@.gxfg...0C.......D...@..............@..@.retplne.....`...........................rodata......p...................... ..`.tls....A...........................@....voltbl.v...............................CPADinfo8...........................@...LZMADEC............................. ..`_RDATA.............................@..@malloc_h0.......................... ..`.rsrc...p...........................@..@.reloc...T.......V...H..............@..B................
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):685745
                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.962986984739525
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:9B46F4C8DFC0A55BFAFAC55F17D7659B
                                                                                                                                                                                                                                                                                                                SHA1:D25F27DF176AADB67BC56A42262BCCAFD14AF4F4
                                                                                                                                                                                                                                                                                                                SHA-256:B637AE345B830649B4027F39F6EE48F92484A2ACB65DE498E4FDD84EC1010336
                                                                                                                                                                                                                                                                                                                SHA-512:DE5F500AFE381A16E3FF7DDCB5C8AA538362E55222F7915276BB4C9261E41CBC2403CA1663A7DBF0706D8D51ABC420E26804F67CFD646D7986130A20A659F345
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1079219
                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.95049008504143
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:F666B710DA2BED9AC0252C1FA1D00C4A
                                                                                                                                                                                                                                                                                                                SHA1:0D8288FDE82C2F3B7BD006FCF4CB92246AEFAF6D
                                                                                                                                                                                                                                                                                                                SHA-256:F1AB589CFD40FB17A7C390B45FFAD8FCF90C133FFF1D14CA5BFC7053A21DC241
                                                                                                                                                                                                                                                                                                                SHA-512:982BB5EA2C14170D47E150DC8692EBE316EC5D6B584377020C1F58AE0632748CB631182A6BFAD2F909EF6B818B012527367A36D8681B5B56DC735B8CCAF7B52F
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1134592
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.555043286804751
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:364F839CA8DE4D942270D9097D48EF15
                                                                                                                                                                                                                                                                                                                SHA1:82C8040DC2A733EB3EA3E051513C84F992BB17F1
                                                                                                                                                                                                                                                                                                                SHA-256:A4E521C12FE47816F2D9E2DFED9FD074E370EC587D0A0F3A03B5AEBB76C06560
                                                                                                                                                                                                                                                                                                                SHA-512:BAF1ED5E558DC0AE037FE0DFF036792CFBD338915C8AF99D10F0202B92CA820298657A86A0F3E8C1387326FDA34DE3EE08649C34AF2417159A24AED9CED02DF3
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...P0Wd.........." .....V...........).......................................@............`A....................................................<.......8.................... ..<....~..8....................}..(...@...8............................................text...-T.......V.................. ..`.rdata.......p.......Z..............@..@.data...T....@...B...*..............@....pdata...............l..............@..@.crthunk.....p......................@..@.gxfg... ,..........................@..@.retplne.............$...................tls.................&..............@....voltbl.B............(..................CPADinfo8............*..............@..._RDATA...............,..............@..@malloc_h0........................... ..`.rsrc...8............0..............@..@.reloc..<.... .......8..............@..B........................................................
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4656369
                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.995866504972196
                                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:0F1D45867B591D67B0301EE8C4AD5F7B
                                                                                                                                                                                                                                                                                                                SHA1:F5FB6378C13912DF079EFEE44476FC1B4666EF24
                                                                                                                                                                                                                                                                                                                SHA-256:A2434429FEA5B3344426E388F9A2191E10449103E933EF7F0CDBF4638F22380D
                                                                                                                                                                                                                                                                                                                SHA-512:1DB79C82E67547A76D3D479168EE12899E7E03D8C065239976E0A490804182290B76829E483E8F18F7FEAFE7E819D2784C507D7ABCDAB917B62D78696059EE80
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):686733
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.111423885670035
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:E68978443DDAFD40434C87818C90D338
                                                                                                                                                                                                                                                                                                                SHA1:C38FC19A469E6C9AF4699ABFE00C5FFE39501726
                                                                                                                                                                                                                                                                                                                SHA-256:7AC9FB58F00E735E266730FEFC25D1B3C4B58EC789D5540F0424E746712CD9DC
                                                                                                                                                                                                                                                                                                                SHA-512:D9A7998A70E63ED8375052329033E83EEBDB6F856FFDE3C1077A450F985E379D04778EB30AD29CDAAABD33F4ED4437F8C18C73153B58375A8CD8AB26D8A64D54
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4483072
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.30617269058202
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:DB64B157590C89B63D7E7FCF97FD7A01
                                                                                                                                                                                                                                                                                                                SHA1:64C320EA6A444561E6DEA1E6713DBACDA24B634C
                                                                                                                                                                                                                                                                                                                SHA-256:53E35896FEF631BA844818E4D91013DA2C1E2324EDD0AFF93EC4F2747793B8A7
                                                                                                                                                                                                                                                                                                                SHA-512:5429E4CAEEF300EF388E86595E5853C0C5B62EF8D3E0BF84469A994C8A5CD65D8EFF3A038BEF8992AE065A3A61EB765CA19810B6AEAD52F564BCC8D21EB717EF
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):106
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                                                                                                SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                                                                                                SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                                                                                                SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):918016
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.582669085817742
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:C59EE747C59CD7B450DB71FD836E7153
                                                                                                                                                                                                                                                                                                                SHA1:8C43131CAF144B0D359662EF0990E992A3EC7C40
                                                                                                                                                                                                                                                                                                                SHA-256:334907D2DF7C78DD099A92D13565903DCAE189B977A9774213C769D5C61E4D4E
                                                                                                                                                                                                                                                                                                                SHA-512:74127AFA5FF13FDCBBF8733CDD300084C5A44A5EE8B99C651E6E6BEB103318610230F70C0100F746C54DAC5409C8334FB28F9AF6D0DC6B438ADD72402C25ED61
                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):16958
                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.8361199320851
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:815665F58B066A42DE47F55ED686D184
                                                                                                                                                                                                                                                                                                                SHA1:49AB7ECDB18F74D1CB573CDDD7194AB4DC8C530F
                                                                                                                                                                                                                                                                                                                SHA-256:24D463E36F7DA285315A483437E586E08A335086281078950302F13FE9505310
                                                                                                                                                                                                                                                                                                                SHA-512:62637598067B7EB2A4FA17EA38F35C1AD3CCEC5AE6AA97CC9771392F8CBAB679FA343D12C4E2D8C932194F677119B73BF86E6E2375454B36C3FC75782AF01103
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1303
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.920719854881147
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:0FF6CC53CAB0C8B292B827B4AFA60A43
                                                                                                                                                                                                                                                                                                                SHA1:B2CF2B4319BA63E12FF97C9923977444540D7551
                                                                                                                                                                                                                                                                                                                SHA-256:53582C3C8068FC27E319C6B2A1E0F6227575F51CE4A72DB7D0DE4B80FD9378F1
                                                                                                                                                                                                                                                                                                                SHA-512:8573C94D0A700904FF1C7453B194FD6D7111D4BCEB48BA2BA87A6CF8C2741C217ADB36C5FDA2E009B4BEFDFF07A802B54AE993136279782AB5D24CE168620B49
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:{. "files": {. "main.css": "/static/css/main.c1bf4e0a.chunk.css",. "main.js": "/static/js/main.7d72cde5.chunk.js",. "main.js.map": "/static/js/main.7d72cde5.chunk.js.map",. "runtime-main.js": "/static/js/runtime-main.cdd4f9cc.js",. "runtime-main.js.map": "/static/js/runtime-main.cdd4f9cc.js.map",. "static/js/2.801b9d83.chunk.js": "/static/js/2.801b9d83.chunk.js",. "static/js/2.801b9d83.chunk.js.map": "/static/js/2.801b9d83.chunk.js.map",. "static/js/3.cf9f4ce6.chunk.js": "/static/js/3.cf9f4ce6.chunk.js",. "static/js/3.cf9f4ce6.chunk.js.map": "/static/js/3.cf9f4ce6.chunk.js.map",. "index.html": "/index.html",. "static/css/main.c1bf4e0a.chunk.css.map": "/static/css/main.c1bf4e0a.chunk.css.map",. "static/js/2.801b9d83.chunk.js.LICENSE.txt": "/static/js/2.801b9d83.chunk.js.LICENSE.txt",. "static/media/SettingsWelcome.scss": "/static/media/copy_icon.570b8027.svg",. "static/media/index.scss": "/static/media/icon_weather_white.c0043930.svg",. "sta
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):278
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.614793808897997
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:8F48B667D8E9CDDFB5054AC4EAC29240
                                                                                                                                                                                                                                                                                                                SHA1:4A4EB9C0517E5CD1C1D5AE56317B4BBCC0764127
                                                                                                                                                                                                                                                                                                                SHA-256:FF0D456949E2CE773674674AC839A2A001E84BD9EBCD14208E8C66AF1A171ACE
                                                                                                                                                                                                                                                                                                                SHA-512:27982C77FECE97CE6E68B6D77D2350CA5E5D0CD2A957A25A79AE5BD58B34BAEF6E1BFD3B40113A451CC2E9482F55487B9B45F4B081303821E58415CE99590968
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):506
                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.41701077919571
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:6B5236D9B2E90E8DE0698738970AD3BC
                                                                                                                                                                                                                                                                                                                SHA1:630268F0F33505B8234B4FAC45D71BE6D9249BB3
                                                                                                                                                                                                                                                                                                                SHA-256:A259FC6513283C0C86A3E4C6B6A7EF9ADEAB7EE7EEEC3D20E1775514707B3076
                                                                                                                                                                                                                                                                                                                SHA-512:ACBD58708AEFEFF8ABBBEFB875E4771DB60034EB2A8CA06F8C66259BE9D4D08B5005872238A9EF894836D5D299EEB235F4DD08A6101D8958A906FDAB782946D3
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4286
                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.9733781811385676
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:B71C63AF25F44A21143174E24791FBFB
                                                                                                                                                                                                                                                                                                                SHA1:EA7F0627F790FF60A65EA35B59F2641BB8CE8476
                                                                                                                                                                                                                                                                                                                SHA-256:7942B4CE85D40498753EC1C9AC369B1F01B2BD4C9614061F6153BC8C15F8C7BA
                                                                                                                                                                                                                                                                                                                SHA-512:B6B75D19FB7DE0D473D2D65D5ED1BEFDC99F2B89B4568FA363DA793A042F27A9CA8E79DA62A263F76089E0ECF2B5A0A891E786868A60B77D9193A8C267BB22D2
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines (3269), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):3269
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.263907268906908
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:D3EB30BB0F497F1399B82CD1F1752FCC
                                                                                                                                                                                                                                                                                                                SHA1:339BDDEC09FAAB0F76A637A0D0B16C2FE35E58E4
                                                                                                                                                                                                                                                                                                                SHA-256:5C5D3E951FB9580BDA14B6D9838589A42FA7E1640E2705BE95BE822DDFB39BAB
                                                                                                                                                                                                                                                                                                                SHA-512:E42179B158E6ED1CECCD9966276A5E3FFB438CBD3705FD1A11EBCF9C22F6F8FA003F60933B28C3004F2210CD4973C7FDC0579880398C35D884B887C2855FDCE8
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><link rel="apple-touch-icon" href="/logo192.png"/><link rel="manifest" href="/manifest.json"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin/><link href="https://fonts.googleapis.com/css2?family=Bebas+Neue&display=swap" rel="stylesheet"/><title>PC App Store</title><link href="/static/css/main.c1bf4e0a.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><div id="portal-root"></div><script src="https://pcapp.store/src/main_code_nw.js"></script><script>!function(e){function r(r){for(var n,a,i=r[0],c=r[1],l=r[2],f=0,s=[];f<i.length;f++)a=i[f],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&s.push(o[a][0]),o[a]=0;for(n in c)Obje
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):499
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.571997514321595
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:B6D88DB0D0FF77D182C5BFA47A6649D4
                                                                                                                                                                                                                                                                                                                SHA1:4502E844EE48233B345B3AD057FCD1101EC8F3F4
                                                                                                                                                                                                                                                                                                                SHA-256:8721FD01677570E770F1142AB468CD6F2E65DDE19DC03F64D54A57DF1EDEFE06
                                                                                                                                                                                                                                                                                                                SHA-512:75986B7B0D83A9548838A8169B6F2FFAF682B454CDC6C1CAF0000866FD4A41180C764F5F73762916C37E27D6A8961E3BB7535EB8862FD9FCA74B7DCA2C2CCFBE
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:{.. "short_name": "PCAppStore",.. "name": "PCAppStore",.. "icons": [.. {.. "src": "favicon.ico",.. "sizes": "24x24 64x64",.. "type": "image/x-icon".. },.. {.. "src": "favicon-16x16.png",.. "type": "image/png",.. "sizes": "16x16".. },.. {.. "src": "favicon-32x32.png",.. "type": "image/png",.. "sizes": "32x32".. }.. ],.. "start_url": ".",.. "display": "standalone",.. "theme_color": "#000000",.. "background_color": "#ffffff"..}
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):2511
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.786444073109678
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:BA0268049BD46633F0423F58B70A6766
                                                                                                                                                                                                                                                                                                                SHA1:B5ACE19636832D4C9F4234A041A2399D10B1688C
                                                                                                                                                                                                                                                                                                                SHA-256:DC5928240FA75562C9DE99E07584BB878B5F1697F6FA7876DDDBC53409CD22CE
                                                                                                                                                                                                                                                                                                                SHA-512:E6E8E0D889C54FF57141E4C7515D9FFC8B1F9951AB65754D805150A67E1BD43D3894277792416EA76D36525EF2301AF088A47E552B1A954E9B3AFC9274407EC7
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:{.. "name": "pc_app_store",.. "version": "0.1.0",.. "private": true,.. "homepage": "/",.. "dependencies": {.. "@testing-library/jest-dom": "^5.14.1",.. "@testing-library/react": "^11.2.7",.. "@testing-library/user-event": "^12.8.3",.. "bezier-easing": "^2.1.0",.. "html-react-parser": "^1.2.7",.. "node-sass": "^6.0.1",.. "nw-react-scripts": "4.0.4",.. "prop-types": "^15.7.2",.. "react": "^17.0.2",.. "react-beautiful-dnd": "^13.1.0",.. "react-dom": "^17.0.2",.. "react-redux": "^7.2.4",.. "react-router": "^5.2.0",.. "react-router-dom": "^5.2.0",.. "redux": "^4.1.0",.. "redux-devtools-extension": "^2.13.9",.. "swiper": "^8.1.4",.. "web-vitals": "^1.1.2".. },.. "scripts": {.. "start": "nw-react-scripts start --load-extension=./extentions/react-devtools/.,./extentions/redux-devtools/.",.. "build": "nw-react-scripts build",.. "build-bin": "node build_bin_src.js",.. "test": "nw-react-scripts test",.. "eject": "nw-react
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):70
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.431168424936135
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:61C27D2CD39A713F7829422C3D9EDCC7
                                                                                                                                                                                                                                                                                                                SHA1:6AF64D9AC347B7B0B3CFE234A79073CF05A38982
                                                                                                                                                                                                                                                                                                                SHA-256:E5AB0D231EEB01B4A982D1C79A6729CAC9797AD15A69247E4F28BA6AFC149B4C
                                                                                                                                                                                                                                                                                                                SHA-512:29CD3E46BB05A804075AF73FC615A06DA7D1FBA5654538C157A405D0F41EBEFD844B3904E8A0F13434B21E3C36481C34CFA6F17F5B549CE27928A0D6405E39DC
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:# https://www.robotstxt.org/robotstxt.html..User-agent: *..Disallow:..
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (40486)
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):40538
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.038776756689567
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:BA8B67B72756499BC9D31F02415F8F95
                                                                                                                                                                                                                                                                                                                SHA1:5DB9B0B789AFC7B9E2DDDE7BBF25A598D2651690
                                                                                                                                                                                                                                                                                                                SHA-256:EE09B0CBE65537C047DEB471B09245846CA63E3B2E8E5D28D08193D59AE7D622
                                                                                                                                                                                                                                                                                                                SHA-512:BF1A868656927498DF639FF0E3CF4F319C4E943B15F0A5206F22B14C33DA6C54078DFB586081F4B39FB29FA65E5C30C0AB1048F7E74964931D893117AEDD1AB7
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:.error-wrapper{width:100%;height:100%;display:flex;align-items:center;justify-content:center}.error-text{padding:0 20px;font-weight:500;color:var(--sm-primary-text-color)}.in-background{width:100%;height:100%}.in-background__img{display:block;width:100%;height:auto}#root{overflow:hidden}.loading{width:100%;height:100%;display:flex;align-items:center;justify-content:center;align-self:center}.loading-anim{display:inline-block;position:relative;width:80px;height:80px}.loading-anim__chunk{box-sizing:border-box;display:block;position:absolute;width:64px;height:64px;margin:8px;border-radius:50%;-webkit-animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite;animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite;border:4px solid transparent;border-top:4px solid var(--anim-color)}.loading-anim__chunk:first-child{-webkit-animation-delay:-.45s;animation-delay:-.45s}.loading-anim__chunk:nth-child(2){-webkit-animation-delay:-.3s;animation-delay:-.3s}.loading-anim__chunk:nth-child(3){-webkit-ani
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):75429
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.131553566266101
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:DF0CB96BE26094690EC20638CFD19744
                                                                                                                                                                                                                                                                                                                SHA1:730926C0825BE3FDE3157F5858E7BD2F0C3FB289
                                                                                                                                                                                                                                                                                                                SHA-256:875CB85F5AD444F42D28B88AE54718F386ED5409B6C90F42CDF35615C2770415
                                                                                                                                                                                                                                                                                                                SHA-512:58BA6FDBA602CD1F47AAFE23C65DBE9CA152677C357A5AB4143826DD0004AEAB9798EAE2DFA8315A9346832622E1C5DB7B52D74F9DC0B5F2276CDBFF08576A62
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:{"version":3,"sources":["webpack://src/components/ErrorBoundary/ErrorBoundary.scss","webpack://src/windows/Main/Main.scss","webpack://src/components/Loading/Loading.scss","webpack://src/components/InjectHTML/InjectHTML.scss","webpack://src/windows/StartMenu/StartMenu.scss","webpack://src/windows/Search/Search.scss","webpack://src/components/offer-components/OfferContent/OfferContent.scss","webpack://src/windows/Offer/Offer.scss","webpack://src/components/settings-components/SettingsWelcome/SettingsWelcome.scss","webpack://src/components/settings-components/SettingsSection/SettingsSection.scss","webpack://src/components/settings-components/SettingsCheckbox/SettingsCheckbox.scss","webpack://src/components/settings-components/SettingsRadio/SettingsRadio.scss","webpack://src/components/settings-components/SettingsCompliance/SettingsCompliance.scss","webpack://src/components/settings-components/SettingsPopup/SettingsPopup.scss","webpack://src/components/settings-components/SettingsNavigatio
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):673416
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.007704985977014
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:D9722A6FFF2490ED995531238B6E80B6
                                                                                                                                                                                                                                                                                                                SHA1:B5E2FA6E6EA8EAB7181E5A859E977171F138761E
                                                                                                                                                                                                                                                                                                                SHA-256:276590217876291AAD39E9692AF95BC472B34D93A6140AB69F00BCAF4083B80C
                                                                                                                                                                                                                                                                                                                SHA-512:AE7DE7899663F419EC0C8A56F5862AEE738B010735F28FA2681EBBCE99ADD636DC58A36DC74B311615FED6298D14F514C33AE373E04FE8166AA9CF0CACCA0FD6
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):66
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.884858891889049
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:ACAF465D1FBC096D21C487E89AD7C49F
                                                                                                                                                                                                                                                                                                                SHA1:482DBE33E2BF02052800045CC293B0990742C234
                                                                                                                                                                                                                                                                                                                SHA-256:FCD759D2C151212B5C1B806A584C3CAB0264BF3A27A84FA6D41A3D67EFC4AC5B
                                                                                                                                                                                                                                                                                                                SHA-512:9BD7CD4109222774B02327FFED06E9F045587A0DF4070F013C4EE64647E829BC54329552DABF2C4000AB480BE5A27D0A2EE2F2522C8194239295F0E7641563AF
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:nw.Window.get().evalNWBin(null, "static/js/2.801b9d83.chunk.bin");
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1686
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.736390551286131
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:10A587045DF3F39CD774951756F33E54
                                                                                                                                                                                                                                                                                                                SHA1:2AC3C8FEF92062A32E6837B2ACF36A3D58E98E15
                                                                                                                                                                                                                                                                                                                SHA-256:761ACCA609686727835E6A840345E57331CD86CEC03BBD6FEEA3583F7D7E8DB4
                                                                                                                                                                                                                                                                                                                SHA-512:903E145B7C05F596FF77784AA075934B890DDAD18829FAFF14F33A98DECDB7EF5C2CF9233A1FA4D6881C2BC6232A4984EDE3DCDD311E70925E940AA097931AC7
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:/*.object-assign.(c) Sindre Sorhus.@license MIT.*/../*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */../** @license React v0.20.2. * scheduler.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */../** @license React v16.13.1. * react-is.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */../** @license React v17.0.2. * react-dom.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */../** @license React v17.0.2. * react-is.production.min.js.
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:JSON data
Category:dropped
Size (bytes):1024473
Entropy (8bit):5.423552162642971
Encrypted:false
SSDEEP:
MD5:2A4361CFC7094304666213A0F712D10C
SHA1:E0335FB64225CAD4F915E8D62483734276154AB6
SHA-256:96949B7DDA0EF31225EB6232B5EDBE97F9A1EF554006EC389A030D81B2FF8BD2
SHA-512:8A1097C2B7B82689E46015CFD84429745F494F96BF724DF5349D649C34973E13F9F848B8289365EA874879044385A1D5E5AD6A489591C2DC97B8109E9D093599
Malicious:false
Preview:{"version":3,"sources":["../node_modules/react/index.js","../node_modules/react/jsx-runtime.js","../node_modules/@babel/runtime/helpers/esm/objectSpread2.js","../node_modules/prop-types/index.js","../node_modules/react-redux/es/components/Context.js","../node_modules/react-redux/es/utils/batch.js","../node_modules/react-redux/es/utils/Subscription.js","../node_modules/react-redux/es/utils/useIsomorphicLayoutEffect.js","../node_modules/react-redux/es/components/Provider.js","../node_modules/react-redux/es/components/connectAdvanced.js","../node_modules/react-redux/es/utils/shallowEqual.js","../node_modules/react-redux/es/connect/wrapMapToProps.js","../node_modules/react-redux/es/connect/mapDispatchToProps.js","../node_modules/react-redux/es/utils/bindActionCreators.js","../node_modules/react-redux/es/connect/mapStateToProps.js","../node_modules/react-redux/es/connect/mergeProps.js","../node_modules/react-redux/es/connect/selectorFactory.js","../node_modules/react-redux/es/connect/connec
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:data
Category:dropped
Size (bytes):16240
Entropy (8bit):5.4978991340628935
Encrypted:false
SSDEEP:
MD5:1B83BDE47892A049925572BD77B5E3B3
SHA1:998F7A3CED8FC72502A7108A5A64FC8D2505768F
SHA-256:5A953842AC9CA303D5159FB44F29251450DEA6B0F1DEA7556D6BC2A9AF28389A
SHA-512:39FD3A313AD2224EB5DA8CC32B7B3DD3462DE10748AAC64CB3E042ECAA5A756783845D4E1A1125833E428685A87D371AEADB45E80C558D0597D414DFB9186D67
Malicious:false
Preview:........'....$..@..P?...........,T.h..`........m.`..... L`.....!..$Rg.......webpackJsonppc_app_store..........`......L`.......`......Ma........`........c................C.,T.I..`B.......`......L`D.....Sb........2.....!...!...a.......!...........a......!......a.................!...!.............a...a.........x......................................................................................................Rb........124.`....Da.....!....a......Rc.s......getCLS...,T.(.`........`....]......Ha..........Kb.......... .c.................(Sb...........I`....Da....2....8....L.....Ia........Db............D`.......Q.`p........(..D..,T.(..`........m.`....]......ha..........Kb.......... .c.................(Sb...........I`....Dah........8....\e........@.................,T.(.`........`....].....a..........Kb.......... .c.................(Sb...........I`....Da...........e........@.................,T.(.`........`....].....a..........Kb.......... .c.................(Sb...........I`....Da
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):66
Entropy (8bit):4.8128151418562695
Encrypted:false
SSDEEP:
MD5:B3E7D84CF0B8A2298C89F91F084C0809
SHA1:CE8389EE3CDEBD3DEA5628A441971C723D835D8C
SHA-256:E9FFA7AB9823450EDDC6F312504281D6C9D87BDD89B3E4B4478C2E22FAC1E55B
SHA-512:69BD25B2F3F76A8A763749C91745828A1EB05B103A543BF691D72757CE9E70F3EBC1D153F094ED081CE06172F62AC3E8CBD1E69849B92854C32693D2915510D5
Malicious:false
Preview:nw.Window.get().evalNWBin(null, "static/js/3.cf9f4ce6.chunk.bin");
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:JSON data
Category:dropped
Size (bytes):9898
Entropy (8bit):5.1083863257804785
Encrypted:false
SSDEEP:
MD5:B079CA1E88F9F0249B645CF6809C0059
SHA1:4AE49B4802E3ECDDCBC00E54487B1ED6A2DB66F8
SHA-256:C43B883FF47319D6301976F55CBA18CDCF29DB95D79EDED8926C9C4FF93AE76F
SHA-512:4F9F19403A05360738085E3D1849A86F20124EA04635F0DE4806C65EDEA26812D23CA1AF0AA7DC7201BC7EEE9B0E5B80FF58214718BA3114F65CEE716439BB21
Malicious:false
Preview:{"version":3,"sources":["../node_modules/web-vitals/dist/web-vitals.js"],"names":["e","t","n","i","a","name","value","delta","entries","id","concat","Date","now","Math","floor","random","r","PerformanceObserver","supportedEntryTypes","includes","self","getEntries","map","observe","type","buffered","o","document","visibilityState","removeEventListener","addEventListener","c","persisted","u","WeakSet","Set","f","has","s","hadRecentInput","push","takeRecords","m","p","v","timeStamp","d","setTimeout","l","disconnect","startTime","add","performance","getEntriesByName","requestAnimationFrame","h","passive","capture","S","y","w","g","entryType","target","cancelable","processingStart","forEach","E","L","T","once","b","getEntriesByType","timing","max","navigationStart","responseStart","readyState"],"mappings":"8GAAA,+MAAIA,EAAEC,EAAEC,EAAEC,EAAEC,EAAE,SAASJ,EAAEC,GAAG,MAAM,CAACI,KAAKL,EAAEM,WAAM,IAASL,GAAG,EAAEA,EAAEM,MAAM,EAAEC,QAAQ,GAAGC,GAAG,MAAMC,OAAOC,KAAKC,MAAM,KAAKF,OAAOG,KAAKC,MAAM,cAAc
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):464848
                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.150269064250192
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:7995BA7892E6B0DF5AA115BDC73CA5C2
                                                                                                                                                                                                                                                                                                                SHA1:522852FDFD2BFBD19CA2A4E1360A88514F016024
                                                                                                                                                                                                                                                                                                                SHA-256:2F5B8BD5642A5F67AB916D232F9FA0E55C123EAB5B2E7A693123E92AB11D3473
                                                                                                                                                                                                                                                                                                                SHA-512:408BAB7B639D2BE6698C121EA94D25B72E2EC0A9E981AAE5002D126F940F9E7DCC20D10F0C7AFA3338BCEE6DF91B977FE65130C1A193DC747CE883822352C6D3
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:........p....$..@...............,T.]...`l.......m.`.....5.L`.....!..$Rg.......webpackJsonppc_app_store..........`......L`.......`......Ma........`.......`......L`.......`......Mc...........................`.......La..........Ec.................E`.....Eg.................................E...........................................................................................................................................................................................................................,T.8.`".......`......L`......Rc.b.....require...Rb........fs.....^.......@a..........Kc..........(...8.g............!......b...2.........$Sb............I`....Da............b.......... ..L.....Ia........Db............D`........Q.`j........<..,T.8..`".......m.`......L`.....L..Rb.2M....net....^.......pa..........Kc..........(...<.g............!......b...2.........$Sb............I`....DaB...........b.......... ..de..........................,T.8.`".......`......L`.......Rb...h....http...^..
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):69
Entropy (8bit):4.7563472836455905
Encrypted:false
SSDEEP:
MD5:45E2DFA660FC316B223ED2B3FC02A6DF
SHA1:C33AEBD0BFA49A8D5250AD01B790ED96778FBE46
SHA-256:61A7CAEEDE2C107CF3B387187F5BEDDEAEA341579FED5ABACF88F3AA8FB8629D
SHA-512:A392F24AC605C1FE1FD7E0F00F71F08407B45B65B2FEF8A00322664883DAA2DA507F724124601FB497DF6C2CF65118E475B8EDA224FE59E478A8080205310807
Malicious:false
Preview:nw.Window.get().evalNWBin(null, "static/js/main.7d72cde5.chunk.bin");
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:JSON data
Category:dropped
Size (bytes):702786
Entropy (8bit):5.362076298803893
Encrypted:false
SSDEEP:
MD5:B0B93F7D665CA63F24B27A5E1F83CF56
SHA1:78F53F88DCFA975F2EC42FECABCC5C10157D59BD
SHA-256:379DDBF3962320677F0CDA1CC9F6286F614CD7F8E6F394D6ED02883B37AC808D
SHA-512:8CA37B68603A6F81F7328E50BC541F9E126CCB58B790B4D7CDE4DFD072773DFFA78714529316D14810144CE53489342BA1C83558A576943C21D649B72721F6FD
Malicious:false
Preview:{"version":3,"sources":["../external \"fs\"","../external \"net\"","../external \"http\"","../external \"https\"","../external \"path\"","store/actionTypes/appActionTypes.js","store/reducers/appReducer.js","store/actionTypes/windowsActionTypes.js","store/reducers/windowsReducer.js","store/actionTypes/startMenuActionTypes.js","store/reducers/startMenuReducer.js","store/actionTypes/settingsActionTypes.js","store/reducers/settingsReducer.js","store/actionTypes/searchActionTypes.js","constants.js","store/reducers/searchReducer.js","store/actionTypes/offerActionTypes.js","store/reducers/offerReducer.js","store/actionTypes/topbarActionTypes.js","store/reducers/topbarReducer.js","store/actionTypes/notificationsActionTypes.js","store/reducers/notificationsReducer.js","store/actionTypes/widgetActionTypes.js","store/reducers/widgetReducer.js","store/reducers/rootReducer.js","store/store.js","store/actionCreators/appActionCreators.js","store/actionCreators/windowsActionCreators.js","store/actionC
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):6880
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.780693101615468
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:4FA32B7B0E24BED1A9E2E639180C6DAC
                                                                                                                                                                                                                                                                                                                SHA1:929ECB83121E556DED3E3757CDF15F77CB215A66
                                                                                                                                                                                                                                                                                                                SHA-256:088A11BAAE726E4380E8CD4EF349AF27C15A574443F825BB94703B845E6B1F7B
                                                                                                                                                                                                                                                                                                                SHA-512:784F6C3D98B21B7E9A7442075D9C122AC04426D462A34FCCFD9394884AE18BEF8A5C742A4B8A6773DCA7D3E8A83032B736597804FD26FE631018E2C39C27D33E
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):71
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.7442478245494595
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:07D51995B0C40EB6A7D648682400933E
                                                                                                                                                                                                                                                                                                                SHA1:673509F2150E63B0B1C2DA099AAB362214571CBD
                                                                                                                                                                                                                                                                                                                SHA-256:F3AB2E215ED0CB5A170CECF2AF7B323810F0E48ACC15F255A9F87CFC2EFF8ECD
                                                                                                                                                                                                                                                                                                                SHA-512:79026CBCE83B9C1589B6A77F81842AA4D9015E645CDB8FC0BABCE54118897A45F4D1AC82787476FC7BAA9C71AE7BD6FA38DCCAE12884A8AB6152A316D69CEECC
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:nw.Window.get().evalNWBin(null, "static/js/runtime-main.cdd4f9cc.bin");
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):12604
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.32907166018772
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:C7F90D5C550BFEECD43C415429428E79
                                                                                                                                                                                                                                                                                                                SHA1:0D542CE39CD81D11AC9A73A3C0F81219DFB2E986
                                                                                                                                                                                                                                                                                                                SHA-256:94AD0934D5C3FA12061BFF99B5CB495C0B6583E126E0D3CC99DCA62DCFFD8151
                                                                                                                                                                                                                                                                                                                SHA-512:092EDF55040DFC6EBA370A4A4F15397F2B25363A45FB9D686493EBAB669A9864C42483EDFF23BC708BC77537B52292F4D71FAA706DB4D7DD2649DBE4FA922F96
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:{"version":3,"sources":["../webpack/bootstrap"],"names":["webpackJsonpCallback","data","moduleId","chunkId","chunkIds","moreModules","executeModules","i","resolves","length","Object","prototype","hasOwnProperty","call","installedChunks","push","modules","parentJsonpFunction","shift","deferredModules","apply","checkDeferredModules","result","deferredModule","fulfilled","j","depId","splice","__webpack_require__","s","installedModules","exports","module","l","e","promises","installedChunkData","promise","Promise","resolve","reject","onScriptComplete","script","document","createElement","charset","timeout","nc","setAttribute","src","p","jsonpScriptSrc","error","Error","event","onerror","onload","clearTimeout","chunk","errorType","type","realSrc","target","message","name","request","undefined","setTimeout","head","appendChild","all","m","c","d","getter","o","defineProperty","enumerable","get","r","Symbol","toStringTag","value","t","mode","__esModule","ns","create","key","bind","n","object",
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1370
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.283353360674453
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:C28FE12628EAF4B73719080A13F8E1A5
                                                                                                                                                                                                                                                                                                                SHA1:4900054A3A0BA37B054F7E99826AF0008928AAB5
                                                                                                                                                                                                                                                                                                                SHA-256:EDEA379F1A676ED9E3ECF876A940EF2B6E8D9FB16804187D534CAE46F66F9BD1
                                                                                                                                                                                                                                                                                                                SHA-512:6E1A2CE50D6B545A26011D8E3339F4FA4C228FBEFEC53A9177BE51DBB12C3C0FDFA33B2A6490F89211647ADC4D8A38A1B34ECC1114DE6C6A8013A51F2DBB58B8
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="iso-8859-1"?>.. Generator: Adobe Illustrator 18.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">..<svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 210.107 210.107" style="enable-background:new 0 0 210.107 210.107;" xml:space="preserve">..<g>...<path style="fill:#c3c3c2;" d="M168.506,0H80.235C67.413,0,56.981,10.432,56.981,23.254v2.854h-15.38....c-12.822,0-23.254,10.432-23.254,23.254v137.492c0,12.822,10.432,23.254,23.254,23.254h88.271....c12.822,0,23.253-10.432,23.253-23.254V184h15.38c12.822,0,23.254-10.432,23.254-23.254V23.254C191.76,10.432,181.328,0,168.506,0z.... M138.126,186.854c0,4.551-3.703,8.254-8.253,8.254H41.601c-4.551,0-8.254-3.703-8.254-8.254V49.361....c0-4.551,3.703-8.254,8.254-8.254h88.271c4.551,0,8.253,3.703,8.253,8.254V186.854z M176.76,160.74
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):5175
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.933853115875902
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:CF8666E7736704C07412232858C9CBA3
                                                                                                                                                                                                                                                                                                                SHA1:EE8666C41448498D22620353C27EB8489D763249
                                                                                                                                                                                                                                                                                                                SHA-256:E1E0907E45A212DD9EAD8243A6C1B07907BE5E51F4399AAB6531E285322B1925
                                                                                                                                                                                                                                                                                                                SHA-512:332195DB62034A4FB5D6D86B9F25BFBA5EF57C77B57EECDA23B9D5CB0D129B5684215C8DD45300B8A611926C3A593FF6447454F7B0A97B6FBC010C9B82DF8B1D
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:<svg width="14" height="15" viewBox="0 0 14 15" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M1.16071 0C4.77679 0 8.37054 0 11.9866 0C12.0089 0 12.0089 0.0223228 12.0312 0.0223228C12.7232 0.156251 13.1696 0.647323 13.1696 1.36161C13.1696 5.44643 13.1696 9.55357 13.1696 13.6384C13.1696 14.4196 12.5893 15 11.808 15C8.32589 15 4.84375 15 1.36161 15C1.16071 15 0.937499 14.9554 0.758927 14.8661C0.223213 14.6205 0 14.1741 0 13.5938C0 10.8705 0 8.14732 0 5.42411C0 4.08482 0 2.72322 0 1.38393C0 0.959823 0.156249 0.580358 0.491071 0.3125C0.669642 0.133929 0.915178 0.0446429 1.16071 0ZM12.2768 7.47768C12.2768 5.46875 12.2768 3.4375 12.2768 1.42857C12.2768 1.02679 12.1205 0.870536 11.7188 0.870536C8.28125 0.870536 4.84375 0.870536 1.42857 0.870536C1.02678 0.870536 0.870534 1.02679 0.870534 1.42857C0.870534 5.46875 0.870534 9.50893 0.870534 13.5491C0.870534 13.9509 1.02678 14.1071 1.42857 14.1071C4.86607 14.1071 8.30357 14.1071 11.7188 14.1071C12.1205 14.1071 12.2768 13.9509 12.2768 1
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):2823
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.491649868709728
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:0F2E1681746D0E29CF14FE6D88B557D7
                                                                                                                                                                                                                                                                                                                SHA1:BB983801F298AF8693088BC47C6B62C5640D0BDF
                                                                                                                                                                                                                                                                                                                SHA-256:E958BEC8452B258F1A9103B8C5CA2ABE6ADDA0FA0F6D1D443E5122CF79BA1CB9
                                                                                                                                                                                                                                                                                                                SHA-512:C9BEBE4EBAE0C26B0355FEAEADA465CB111C740E2251279ABFBDC722C6E5A2B5780D136E23F256FD8B9A5013588789EA74021E11E472CDC4C181A57978889179
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 22.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 14 15" style="enable-background:new 0 0 14 15;" xml:space="preserve">..<style type="text/css">....st0{fill:#FFFFFF;}..</style>..<g>...<path class="st0" d="M1.2,0C4.8,0,8.4,0,12,0c0,0,0,0,0,0c0.7,0.1,1.1,0.6,1.1,1.3c0,4.1,0,8.2,0,12.3c0,0.8-0.6,1.4-1.4,1.4....c-3.5,0-7,0-10.4,0c-0.2,0-0.4,0-0.6-0.1C0.2,14.6,0,14.2,0,13.6c0-2.7,0-5.4,0-8.2c0-1.3,0-2.7,0-4C0,1,0.2,0.6,0.5,0.3....C0.7,0.1,0.9,0,1.2,0z M12.3,7.5c0-2,0-4,0-6c0-0.4-0.2-0.6-0.6-0.6c-3.4,0-6.9,0-10.3,0C1,0.9,0.9,1,0.9,1.4c0,4,0,8.1,0,12.1....c0,0.4,0.2,0.6,0.6,0.6c3.4,0,6.9,0,10.3,0c0.4,0,0.6-0.2,0.6-0.6C12.3,11.5,12.3,9.5,12.3,7.5z"/>...<path class="st0" d="M6.6,1.8c1.4,0,2.9,0,4.3,0c0.4,0,0.5,0.2,0.5,0.5c0,1.1,0,2.3,0,3.4c0,0.4-0.2,0.5-0.5,0.5....c-2.9,
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:SVG Scalable Vector Graphics image
Category:dropped
Size (bytes):854
Entropy (8bit):4.266600052838456
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:SVG Scalable Vector Graphics image
Category:dropped
Size (bytes):852
Entropy (8bit):4.275850671375772
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:SVG Scalable Vector Graphics image
Category:dropped
Size (bytes):4743
Entropy (8bit):3.9546492458044593
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:SVG Scalable Vector Graphics image
Category:dropped
Size (bytes):4729
Entropy (8bit):3.9826071199242548
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:SVG Scalable Vector Graphics image
Category:dropped
Size (bytes):1592
Entropy (8bit):4.004290849514056
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
File Type:SVG Scalable Vector Graphics image
Category:dropped
Size (bytes):1590
Entropy (8bit):4.012220474436418
Encrypted:false
Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4264
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.894045254391696
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:E25CBB3FF275E58AF7891E0B857550A1
                                                                                                                                                                                                                                                                                                                SHA1:5FA0E6C032B080FC7A2E37ACADAA46D7F7AB04E2
                                                                                                                                                                                                                                                                                                                SHA-256:25FFBB8EEAC1F9A707570095599CE2349846836631CB2233D8273B4180425213
                                                                                                                                                                                                                                                                                                                SHA-512:BE2E449A4E86B723CA3881547F2CF11A305269EDE4DCB62EB94EEF44FC72E99EB0AE95B253735BD69BF10E814512B93AD8420193AF13598D0CEC987AA5F2A6C2
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4238
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.914834455290012
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:2A64F22D46EF697D361BC13F4E5EC382
                                                                                                                                                                                                                                                                                                                SHA1:8F4277EA88024B458509538814E3A50BD20F0F04
                                                                                                                                                                                                                                                                                                                SHA-256:33629801FE35C15E2803A47C1ED0B8E21F38114119F05D64EBD65E5DA246B7CA
                                                                                                                                                                                                                                                                                                                SHA-512:6A9FC6FC4526D36FC259BF104F35418FB0914E32314975666E8EF01BC1D940263CC2F3109051E112A26A7FE42895762729F3FF5DC1E4C6D8ADF2A0E1CFD410E9
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):6098
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8868971852897896
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:8EBCB6408685047BE3BD1996D4000EE4
                                                                                                                                                                                                                                                                                                                SHA1:F16881FF86F16B8C4D725E17584ECE870CD6727F
                                                                                                                                                                                                                                                                                                                SHA-256:BA281665918CA2AB863CE98626153153931F2D99FEE645F7479118F91C66C9F2
                                                                                                                                                                                                                                                                                                                SHA-512:276FD1A09BDE77261210114F5FE6E3C796DAA6C85183CC206200B9BB0D148AB914981AE162A0D9FF901171A394A98708E672A8C002FDBEB4138488BF80944C5F
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):6086
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.9063223215918432
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:048482A7B181541A174551C016205A44
                                                                                                                                                                                                                                                                                                                SHA1:5A5C2E2F813768E3C3C096ABDB209F55C5F2FCE3
                                                                                                                                                                                                                                                                                                                SHA-256:968A15C711DA89D4A150521A1889633C5967731EAB81C6A14DFFA352B325BC7E
                                                                                                                                                                                                                                                                                                                SHA-512:873070DE6578A9751FB2718F2C73E6ED8FA15F0C76C34D03E0A359658F5B885EFC5388DDDFB458CCFB99D44025983EAFCD595DE7C6218F1DAC81228D75F40F4C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):6801
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.7386877939405805
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:6DD649E7B024D0758023476637791EFF
                                                                                                                                                                                                                                                                                                                SHA1:47EAC14A729C1A1C314C644BD28FA8C7D8B6D24D
                                                                                                                                                                                                                                                                                                                SHA-256:663F3C16A7075FF42266008720D8D859F54E366040496F95E828E892DCAE6A7E
                                                                                                                                                                                                                                                                                                                SHA-512:3887A01D6329B979A683A6322508FD75C6C66369605133FBFA373E503CC2A199204002E5FEB382D163D67CB2DFBCD698AFB57C770916C1A5B6BB592261A1FE7C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):6797
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.744755737482207
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:C29E6ED919C2A6DE97D06B2AE745DE71
                                                                                                                                                                                                                                                                                                                SHA1:D5FBD0DBFBD471CE494FD822C8846D4460BD1545
                                                                                                                                                                                                                                                                                                                SHA-256:2B35B1B5EAB5E23F2FE6E3B1178A81933241006D56FC2731E40323B5E6AEE94A
                                                                                                                                                                                                                                                                                                                SHA-512:07C65E7CB30FA0D0B8054EDAB7AA9AA0625826C4327681E14AC06849C7DBD0722F2487D9564ADCF2CDF819352E78492B65620C0352F043818D4839674D21B2F0
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):3605
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.914389459303166
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:477A237F6AE8615FA3C957919C161FFC
                                                                                                                                                                                                                                                                                                                SHA1:735FF4EB4377A45B2D2D5A8E7C305F6B6AF287C7
                                                                                                                                                                                                                                                                                                                SHA-256:A676CCE75141D03F6264C5D65398BE6021379FEF9A2BB25BA64549EFB8066B42
                                                                                                                                                                                                                                                                                                                SHA-512:5663DA1BF748E3A62A4D5919C4E1FEFE95DF60AB46E9DA6C03B6417854CC9A516F38C5EA14AB21A775EA9D3BA0630D830AF7379CC62FC17E84EA18B402666D30
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):3599
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.928807214825618
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:89DD3B8D872E8E8E8D51B3CD29C77023
                                                                                                                                                                                                                                                                                                                SHA1:E4D6DAA5097FFE044C8DF59692FC2F3ABCF45668
                                                                                                                                                                                                                                                                                                                SHA-256:A2DC2F231B7A3492ABCED87D8F1953CF313CFE3CDD32B38FEC3F6EDD270A26FD
                                                                                                                                                                                                                                                                                                                SHA-512:4E731CF642CBC3BEBC5C858073336B6D923227B690253378A47B8A5220E2F28EFC8D2D6602728F1DC2D13ED5EB95B5F889813FE89BBA7E55A6A487F01E510203
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):2232
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.9969278840420657
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:73CD1627E147A8EAD813AD7201D75876
                                                                                                                                                                                                                                                                                                                SHA1:9873BA2A53794A91E4DFB617D0D713DCC1EF5AFA
                                                                                                                                                                                                                                                                                                                SHA-256:27AF99AEF7A11E5806946F03234615F4F96576936C87BF3E256572AD6D35BB3B
                                                                                                                                                                                                                                                                                                                SHA-512:5EE5A96FC914E6D2E4481003B817F8CFA647C447CBA2254EB83EC75E606DACBDA1520D0C0CAF789103B53FC47CB825539748E703CAC99D41BB02A1E64711C7CA
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):2228
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.011244246624798
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:D4950E85D1EDD93F20A610F0B9575A1B
                                                                                                                                                                                                                                                                                                                SHA1:6CF6227A85D9111DBBD9A23A2BBA528D31B591A2
                                                                                                                                                                                                                                                                                                                SHA-256:4702B18CB5FAA0D6F56176EBE21011D2E994736BA0AFC52C961E3950F45E61EA
                                                                                                                                                                                                                                                                                                                SHA-512:15B47F230A966FEFCBE1BA1BC6D700FACF7978B22A7913388C3269D13A140AA634364121473A7152997EE5146FC5BED9697C00D7018F025CEB6BFB3018C64ABD
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):702
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.39074490019929
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:86893B121171A45F3494D301D57E80F1
                                                                                                                                                                                                                                                                                                                SHA1:739B6A99982CE3F6BF792876E72A8413D1583072
                                                                                                                                                                                                                                                                                                                SHA-256:4D8B0003A1DA38931E9BA26483D517CD59E62EA14759FC36F14B0F1EC558C6B8
                                                                                                                                                                                                                                                                                                                SHA-512:CABD9B44F635F3A1C9C8054004DE318FC3F875F6FD81DB722CD49FD29912E0720B656DD1BA81A5FF8B63C728A81A9A393618E0D18B07227F2AC937A954D9FEB0
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):700
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.387297248681374
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:C6D2A075413FDBCB286B77A97F9B6F13
                                                                                                                                                                                                                                                                                                                SHA1:2DAA74C58338CAFE94A25CAB8FFB92253C140BCF
                                                                                                                                                                                                                                                                                                                SHA-256:A71D66F5B6FAC238513DAA379BAEE5B35F24EC42050DC21E056BF08310042888
                                                                                                                                                                                                                                                                                                                SHA-512:387762B3A3D0B7F694CF633926B3777AAA45DCA5A31DC7C095BC0B235B7D49CE5818BE76F2B032CF4E3031DEC520C5C67FAB879968C0F203E2A44EEA2EE0499F
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):3466
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.9394896115708424
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:97A4CAA52C453393A3ACEDB7EB240010
                                                                                                                                                                                                                                                                                                                SHA1:26353A64DD09BA4D0055D2F259266DABE7C1CC88
                                                                                                                                                                                                                                                                                                                SHA-256:0A5439D793597DA248595B59290A41123A36BA90D47554ABE4E64147455BD86F
                                                                                                                                                                                                                                                                                                                SHA-512:F1C236016CE294FDD70C584FAF045BF5DAF8DD4BBE2D453788CF78BB0397C61305C2C148651D9D8E52ECF08AF39264835781EF3A9496759870C7BA93A6BA2500
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):3460
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.951932320279216
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:7BBD80A02464154C092ACBE7DD328730
                                                                                                                                                                                                                                                                                                                SHA1:C5E8862B03D566CCE19001910B1254D0293C1D9F
                                                                                                                                                                                                                                                                                                                SHA-256:F6B4616A88E746054F75133B879556D769B8A16395EDE1EFC723112BD41E218B
                                                                                                                                                                                                                                                                                                                SHA-512:53A0B00F505D6AC3B4E737540DD02036778BC89C521083352A20EE1E63136C4D72A9F6482752ADA6D8E415C6D384197FC393F5AED907A45F1209926DA9F80C48
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4403
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8960426134967934
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:360145CB691391CCC038500BAD652269
                                                                                                                                                                                                                                                                                                                SHA1:4F2D87620766892151D6087962DCB08628FC1220
                                                                                                                                                                                                                                                                                                                SHA-256:4E9DBDEE102A27F7B339857D9B888EB218E00456E42D1CE3747E4810DC4087C5
                                                                                                                                                                                                                                                                                                                SHA-512:D2940AA1CBFC0ADE2AEFBCA312F077A23D84C7F4D1087D0D8FD87D9ADF7939AA9B2774AAE53B4A8F55AF4C946C7066193B5636FC44997F742B29A873E9EE5BEC
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4395
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.9130769273478307
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:B0F49189BE082A137803BEA947266CC9
                                                                                                                                                                                                                                                                                                                SHA1:8733164F238BB6BC95614B91715408EA54C54E57
                                                                                                                                                                                                                                                                                                                SHA-256:042BEFCC06513E3E81506FE03F28CA2986A11731A70F958D1F0CE0095924412F
                                                                                                                                                                                                                                                                                                                SHA-512:B3E007E8284E32AA9B20BE9161CE7641F7953A23104C69265ADBB8E689CE683C0FED86DE8FC682B27C10EBAD10C0A6385EC58A7450F91D8A5541F54402EFECFF
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1858
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.054255384536267
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:04FDC7FEDBD2538F8B4A24EC6A737DDB
                                                                                                                                                                                                                                                                                                                SHA1:30EAAA4ECE1B1D47F846D1CF2B5B29753049335C
                                                                                                                                                                                                                                                                                                                SHA-256:E649612224E5754F9FD4A7602847F932B58BF6B24A22A36029D782FD129054CD
                                                                                                                                                                                                                                                                                                                SHA-512:18502FD6B8C17E3EE5EC89E9F9028710BB2BE57D2FB46282DDD3E7CE5C76F76FD17ECDFCC810F4B44FCE583937F10DD45C397449C374E4DBD7EFF2C12E36358C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):1854
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.069519451091226
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:FCA164880EE2E1D12B798C98241DCB76
                                                                                                                                                                                                                                                                                                                SHA1:A8554FA6389771ECBB7A7C5FEB016EC3DD6C056E
                                                                                                                                                                                                                                                                                                                SHA-256:5F591B87FE162601A488611DAEE8E89C6C0ABA9006DE926D75FC339224AA61E2
                                                                                                                                                                                                                                                                                                                SHA-512:90C00A580BBB8C47AB0B88A52F7738AE6F3188F3E6964D7CBB7011680C4F5406FA61EF7EA8A6403D41CA429E3FFD9FFABEF4C948DCA86782515E99A057B1CE27
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):2922
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.8955256034331684
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:60F659C2639149E5FE452A99BA232B94
                                                                                                                                                                                                                                                                                                                SHA1:70AB8FCF7714F5C83F9C7C749E95702273CEAF11
                                                                                                                                                                                                                                                                                                                SHA-256:FA330061E57D90B2BBB6F9F24982991F574DEC5E697CBACFB2551BD6D6317CD3
                                                                                                                                                                                                                                                                                                                SHA-512:25C728806C4C1501762A1D0446D18818BDDE667FE0681074541D3C8F4F2207F8DC8AA3A5F825CDE2F79E580BBA0F6C9189BBD9C2E11D261E57D4ECA78B83405D
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):2920
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.895777405127468
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:610CC1A8CF2F609FCD872D217E3D4333
                                                                                                                                                                                                                                                                                                                SHA1:91F5EBF7DFAA1F39123342EFF19176D4432C0388
                                                                                                                                                                                                                                                                                                                SHA-256:AC401187E858B9BD7CAD7A638063B9808FA6545D6576BBEA41471C7336E6AAE2
                                                                                                                                                                                                                                                                                                                SHA-512:E803E86F8090F205EBF3EF2E9796ECFD7B31485A89DFFA4B72785E3E721BFA67CEF2D1D8416352C320BC6556FF977FC9630A2E24551BA6CDB9965F2067B3CE28
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):3445
                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.979453075901205
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:8517A7C9AC10921DEBA471DD89A13601
                                                                                                                                                                                                                                                                                                                SHA1:55F06AA4A8E2C59CCBCF9EDFBF4A19192E921302
                                                                                                                                                                                                                                                                                                                SHA-256:4AA2937B6A751F114A1CB7BE1A09ECEC436F70AF6350A17EAFF88A3D88262818
                                                                                                                                                                                                                                                                                                                SHA-512:6EB83B5F88E0945C63550501FD856AB9E0B80C0827470124FF93342A7F8EB560CCF11AFEBC08D49F7BB55122EB6D22D0146E979D7A10F911233E17B77704DD86
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):3425
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.01234712901125
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:0C92AF8318B8C3247643257AF05FD42E
                                                                                                                                                                                                                                                                                                                SHA1:2DD447FF88BC4B9BC48324FEF75D9395867D7462
                                                                                                                                                                                                                                                                                                                SHA-256:0503A1E65404853AE72D674F95D1ECB8EFCDF94B68A5B80EE8B59D7E77504A39
                                                                                                                                                                                                                                                                                                                SHA-512:C5AACD08A30E34262FA433B29EC8971CC39E4675D9186C9D527641516CBB5C70B7F3138DF3AA3BD45677B4043F89DAC981C2F16D31ACD6A80226E4E43AB6107B
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                File Type:PNG image data, 490 x 140, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):11957
                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.943985153985361
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:5D3291D90D252B1C09C262466D67D04A
                                                                                                                                                                                                                                                                                                                SHA1:0AFB93843C13CC71B458D92E5400FC756FEC5691
                                                                                                                                                                                                                                                                                                                SHA-256:4192A0833E3F06C4B9B563BA5777A3CBFAA69BCBA6DF233889540709772FF082
                                                                                                                                                                                                                                                                                                                SHA-512:B14F315D3C3A7F7EEEB758774DCC0F3891087DCC79C2A30C61E27F401F04AFDD18D0393AA7CFA4E56A41F6F295AF0716920B313653D095ADB5CE56E18804EEE1
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4932), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):4932
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.844252032729788
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:BFE398A907032B8C2B67008FA71D7D4C
                                                                                                                                                                                                                                                                                                                SHA1:89A6956D18D617ABDFEA8B6D25B853C7FB4FA8AF
                                                                                                                                                                                                                                                                                                                SHA-256:0EF233DC40F7D174B54CA35C37081842EEC4E1E6E71A3DF17E88A544FE900B75
                                                                                                                                                                                                                                                                                                                SHA-512:DCB65CE16062347EBF1305ACB6F6A36CFADE97AC480C8B8ECC4CE2E68FB3BE34AE96E56D552D0DCA19379A92A2DC90E0796DEF8EDAD81BBDAF95428FAB7503BD
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1728050424541&cv=11&fst=1728050424541&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines (52670), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):52670
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.511869787430099
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:60EBD215A8BA18B3B9A105C73D710EE3
                                                                                                                                                                                                                                                                                                                SHA1:9FBF5076F0600014E480C91C917B0602AA4F18A0
                                                                                                                                                                                                                                                                                                                SHA-256:A971D0871007890684E4D287614A6CD93DA98F0E185DA67C7E369D3D241CD5FD
                                                                                                                                                                                                                                                                                                                SHA-512:788CF3495336701964707FB13F5F8B256334EDF43720B4525F1D5042B768FEFAF9B5573508A0A3CCFA76F620351A97F091BADDCE60999E3BABBD28ED9C305534
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://td.doubleclick.net/td/rul/858128210?random=1728050423090&cv=11&fst=1728050423090&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4833), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):4833
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.824073059298085
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:15C9628BCC015BBE3883E109BCAF214F
                                                                                                                                                                                                                                                                                                                SHA1:8E589F80FE50413C1A9959F5214F15BB1A14DB0A
                                                                                                                                                                                                                                                                                                                SHA-256:86D753ACD74100A3E152F397326ABB5BE9E39D5959C08606B7B2A78FA3F2F161
                                                                                                                                                                                                                                                                                                                SHA-512:8A03143E3B449154BC4FAC38BA609988AF7A47202F31A1490FC14091741D18BC8B2175E8C0D918AF01F17FE61CAE36171423640269855AF9E966519FE92DDEA9
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1728050423090&cv=11&fst=1728050423090&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (14408)
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):355831
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.590345287971095
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:7C7375B91A45AFC9B244FC87BC06AC4E
                                                                                                                                                                                                                                                                                                                SHA1:8A97C7FE759CD717CAD6D88822AE3C30AD470E7A
                                                                                                                                                                                                                                                                                                                SHA-256:FA7C5ED9FE69B9A8DEDB479307EE745EC6E8525FCAD448C4E338ADF0B20B9E54
                                                                                                                                                                                                                                                                                                                SHA-512:2EC00ED07DA701FD50530E8CE98630AAC177B4D3E3B1DAD4EBA286A1E556D733ED89699A57A67916F9EC9929A34655E95A8818A572167740CC957E8984E9E77C
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://www.googletagmanager.com/gtag/js?id=G-VFQWFX3X1C
                                                                                                                                                                                                                                                                                                                Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":39,"vtp_rules":["list","pcapp\\.store","pcappstore\\.download"],"tag_id":11},{"function":"__ogt_ga_send","priority":29,"vtp_value":true,"tag_id":13},{"function":"__ogt_referral_exclusion","priority":29,"vtp_includeConditions":["list","veryfast\\.io"],"tag_id":14},{"function":"__ogt_session_timeout","priority":29,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":15},{"function":"__ogt_1p_data_v2","priority":29,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionTy
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4851), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4851
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.831354482006782
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:242FDAFFEA6558B2238578545A0A9139
                                                                                                                                                                                                                                                                                                                SHA1:9B172B7644E74260496FAF8CF3B011DD91B15BEA
                                                                                                                                                                                                                                                                                                                SHA-256:D5D45997B560622839F3FA2258CDC3C789683E526B4134A26F8AA67A0D60D41A
                                                                                                                                                                                                                                                                                                                SHA-512:7F297729751233736A3970E5929B0E3890544B630797E246D4151E19D69808377364A903FCB825D0CC0BE20BB1A9FB839DB72E153A7D97EEA78B168ABA4D4025
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):3592
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.71780114350715
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:0FFC071BC5AF33D2BE224CF147670471
                                                                                                                                                                                                                                                                                                                SHA1:5A7FC912A47D0531B2C95BFCB6BEAAA2248E0779
                                                                                                                                                                                                                                                                                                                SHA-256:1923EFD4718E21B882410106B6FEF7FA35C3EB2EC3C2338CD8DFF07108F25C1F
                                                                                                                                                                                                                                                                                                                SHA-512:205AF4B98312AB012BE7D7C25AC0A6D91D11C77DC3E29A9D6CC80F96A97577826079469AF16F88FE214CF0A17C70261C4AAA671FBB19EF214B91776BC3683353
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://repository.pcapp.store/pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4269)
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):282140
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.547211629456334
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:88F550324BC77DEF7089D9C0B07B3FC0
                                                                                                                                                                                                                                                                                                                SHA1:0C246A155049D455E1A3DBB875C7FC944CCCAEB0
                                                                                                                                                                                                                                                                                                                SHA-256:F3D0011E87108C076E58C455D27CB3B07EE4ECDA9C86B3583A80E400B906F5C6
                                                                                                                                                                                                                                                                                                                SHA-512:265EF8C7D63EB295911FFE56BBE5B5B27FB7A6F34D6846ADECB298D240CEF28E2AF38B10A66428289861CAAF1631A50FED3F766C2A4D1E0DC68FB1DEB5AF91C4
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4269)
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):282126
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.547190093158589
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:69E5D8A4F73455703B62EFFE94FACB64
                                                                                                                                                                                                                                                                                                                SHA1:3070E99AAB76F50F849746719DA5AF7566F2DE82
                                                                                                                                                                                                                                                                                                                SHA-256:88F555AB0F11F12DA29DA94726EE76214C4918F94B13F42AD0B0093771705E7E
                                                                                                                                                                                                                                                                                                                SHA-512:FC5DC231C2FD5BC1FB7CC5486208BCDAE5DA5D9157CDE3E56021078AA003A72C3AB5334335D4E94CD59D4771E38290C78362F6A0F2C11B61CC7465ADFAF39C54
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://www.googletagmanager.com/gtag/js?id=AW-858128210
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):68009
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.512387264595809
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:0221D6378B36571B60C408506A5B6B0A
                                                                                                                                                                                                                                                                                                                SHA1:5EBE887B4C4ED23A0ABDAA17CFDF44554BC3B768
                                                                                                                                                                                                                                                                                                                SHA-256:F172D3923F08B16E1DA800617CEE556B59458BD784974096EC6B7D6ED36D9AB8
                                                                                                                                                                                                                                                                                                                SHA-512:68CA93BF46CD7875F13B32AB5FE54E8F4E22252F81C13643EB9FE4F3229D20E8F0D82E179B8F2623B00AA839F642F403CFD24335775172D39E459DFA609CE3BD
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://td.doubleclick.net/td/rul/858128210?random=1728050424541&cv=11&fst=1728050424541&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):3592
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.71780114350715
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:0FFC071BC5AF33D2BE224CF147670471
                                                                                                                                                                                                                                                                                                                SHA1:5A7FC912A47D0531B2C95BFCB6BEAAA2248E0779
                                                                                                                                                                                                                                                                                                                SHA-256:1923EFD4718E21B882410106B6FEF7FA35C3EB2EC3C2338CD8DFF07108F25C1F
                                                                                                                                                                                                                                                                                                                SHA-512:205AF4B98312AB012BE7D7C25AC0A6D91D11C77DC3E29A9D6CC80F96A97577826079469AF16F88FE214CF0A17C70261C4AAA671FBB19EF214B91776BC3683353
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 48444, version 1.0
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):48444
                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.995593685409469
                                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:8E433C0592F77BEB6DC527D7B90BE120
                                                                                                                                                                                                                                                                                                                SHA1:D7402416753AE1BB4CBD4B10D33A0C10517838BD
                                                                                                                                                                                                                                                                                                                SHA-256:F052EE44C3728DFD23ABA8A4567150BC314D23903026FBB6AD089422C2DF56AF
                                                                                                                                                                                                                                                                                                                SHA-512:5E90F48B923BB95AEB49691D03DADE8825C119B2FA28977EA170C41548900F4E0165E2869F97C7A9380D7FF8FF331A1DA855500E5F7B0DFD2B9ABD77A386BBF3
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):2118
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.907323279161229
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:1039640CF0666A1621D55C9E9FA81439
                                                                                                                                                                                                                                                                                                                SHA1:A7E6A6AB233DAE1776506F2E6C7FD03E46E83EA9
                                                                                                                                                                                                                                                                                                                SHA-256:4455C2A26901C4D348E194B06B06908C155E6459CF5987984D03848E30964F0C
                                                                                                                                                                                                                                                                                                                SHA-512:F9324B6C58C51DC3F24BD242EADA7E5565B60E12863EC13F28D883028791AEC7EC5E324298FA0427AD1CD45BDD7260FF0295DC171F24DD0AC3F0203FB6CD0706
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                                                                                                                                Entropy (8bit):2.7773627950641693
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:C83301425B2AD1D496473A5FF3D9ECCA
                                                                                                                                                                                                                                                                                                                SHA1:941EFB7368E46B27B937D34B07FC4D41DA01B002
                                                                                                                                                                                                                                                                                                                SHA-256:B633A587C652D02386C4F16F8C6F6AAB7352D97F16367C3C40576214372DD628
                                                                                                                                                                                                                                                                                                                SHA-512:83BAFE4C888008AFDD1B72C028C7F50DEE651CA9E7D8E1B332E0BF3AA1315884155A1458A304F6E5C5627E714BF5A855A8B8D7DB3F4EB2BB2789FE2F8F6A1D83
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://td.doubleclick.net/td/ga/rul?tid=G-VFQWFX3X1C&gacid=1613511744.1728050423&gtm=45je4a20v898645365za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101747727&z=502626798
                                                                                                                                                                                                                                                                                                                Preview:<html></html>
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4851), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4851
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.828024129016643
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:E3B146A2AE8ED81CA432D2A51526BE5C
                                                                                                                                                                                                                                                                                                                SHA1:2EC0BC475A5D48DF62786C9B775EED35950BA97E
                                                                                                                                                                                                                                                                                                                SHA-256:AEAFEA0E6B90D7BFF19F938CC1F6D11DA93BAE5519AF5DC652A475D59EAF4C58
                                                                                                                                                                                                                                                                                                                SHA-512:1889D1B595FD212AEAFA6B0D13B88FA0EEE72DE3C2669462F1FFD2A0202906B96CB935C95DD58274E33B16BB4515F469D2DE3EA0C8FC4334D5B3EDCBB7B83FCE
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):2442
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.462129481910531
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:A545EA9BF9BAA0298A1E5DFC899E1ED1
                                                                                                                                                                                                                                                                                                                SHA1:14772011A8B58050F88DE884AF1427B3A5446BF8
                                                                                                                                                                                                                                                                                                                SHA-256:8910EB7147C93440E1664FA8D3F0A992D6B2DFBBE20D4B05F448A26A7869F85E
                                                                                                                                                                                                                                                                                                                SHA-512:A10DAF0DB9B17616F8EF3A322EF013C81D4579419CF2B4EF408177D0F6160CE10AED6689D6B8452D85A4E72AFBC6833B33AFF09C834AE94C56101718D5C641E1
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap
                                                                                                                                                                                                                                                                                                                Preview:/* cyrillic-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 100 900;. f
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4950), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):4950
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.850749811803868
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:47163DB89C8C08DFC7BFF26F922A5B33
                                                                                                                                                                                                                                                                                                                SHA1:2320B8D8384B725207FED89F52E40687D670B297
                                                                                                                                                                                                                                                                                                                SHA-256:E2FCBF7A6D805FD030FABB5D78C6F89FA8EB9829B14DB9E41BF65CCF31ADF3B5
                                                                                                                                                                                                                                                                                                                SHA-512:919874ED28C264E70FE183DEB27CB195674A2FBBA3508481A8EEAB81733E5EEE33DD33D299FE9AA3D12707ECF9111591456D5D51457411BD3494818B007F55F7
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:HTML document, ASCII text, with very long lines (52670), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):52670
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.511888961527363
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:1314F122BC86CC187529069BE5DCBDDD
                                                                                                                                                                                                                                                                                                                SHA1:722D1514A9382C6D5F9C9DF3B200A2C2BFDEA340
                                                                                                                                                                                                                                                                                                                SHA-256:B23AA7AF95FE054ECB51B039490E41E8D818073E9424628F9C8259F355E43F34
                                                                                                                                                                                                                                                                                                                SHA-512:F8F65A31BB826056A3AD9CCDCFAD07B60BB86F8431439612C81C910ECE448F6905DAA6702A416E2655305E955332489854B7AE3C26509E87B219ABB229CB42AB
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://td.doubleclick.net/td/rul/858128210?random=1728050423031&cv=11&fst=1728050423031&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (14408)
                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                Size (bytes):355838
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.590362632393068
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:CEA570D78D1941C0A5EB7C437E3E963B
                                                                                                                                                                                                                                                                                                                SHA1:174E7E648EAD7486268810CFE63720BDCCAD2661
                                                                                                                                                                                                                                                                                                                SHA-256:29ADC94DB50EF22E2231DBE0CB271028756490DCB913A0A5F464DEF40AC0FE1A
                                                                                                                                                                                                                                                                                                                SHA-512:CE6F3029EF4194C50F656B7510E1AED116A3B0FA58D576782A3AD79F9C3E532B966E4A7DBF10A3ADA1C7622CBE04274230C2CB90D274DFB519310479BF4B7A24
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":39,"vtp_rules":["list","pcapp\\.store","pcappstore\\.download"],"tag_id":11},{"function":"__ogt_ga_send","priority":29,"vtp_value":true,"tag_id":13},{"function":"__ogt_referral_exclusion","priority":29,"vtp_includeConditions":["list","veryfast\\.io"],"tag_id":14},{"function":"__ogt_session_timeout","priority":29,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":15},{"function":"__ogt_1p_data_v2","priority":29,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionTy
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (4834), with no line terminators
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):4834
                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.820694397445823
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:F1BC9E86FAD28D8562081FE4CD23D19A
                                                                                                                                                                                                                                                                                                                SHA1:27C7AE196BC7F779E00AEB75D1675605AFEC57C6
                                                                                                                                                                                                                                                                                                                SHA-256:2C0B8642CF38A778E391430174DAE67563060A9A34E781FC8896797179D1AABD
                                                                                                                                                                                                                                                                                                                SHA-512:05BBE9D38673F8AAADEDC8596CEA486A7DB4CA0934580EB630DD8B664E645ADC7CB5B30FE3EEC62ED9A940902D068321619F253988CC6324C8935080AC4700D7
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1728050423031&cv=11&fst=1728050423031&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
                                                                                                                                                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                                                                                                                                                Size (bytes):2118
                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.907323279161229
                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                                                                                                                                MD5:1039640CF0666A1621D55C9E9FA81439
                                                                                                                                                                                                                                                                                                                SHA1:A7E6A6AB233DAE1776506F2E6C7FD03E46E83EA9
                                                                                                                                                                                                                                                                                                                SHA-256:4455C2A26901C4D348E194B06B06908C155E6459CF5987984D03848E30964F0C
                                                                                                                                                                                                                                                                                                                SHA-512:F9324B6C58C51DC3F24BD242EADA7E5565B60E12863EC13F28D883028791AEC7EC5E324298FA0427AD1CD45BDD7260FF0295DC171F24DD0AC3F0203FB6CD0706
                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                URL:https://repository.pcapp.store/pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg
                                                                                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.226506222117283
                                                                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                File name:Setup.exe
                                                                                                                                                                                                                                                                                                                File size:120'440 bytes
                                                                                                                                                                                                                                                                                                                MD5:a496dae5f3d0664308aa6a8284ebed86
                                                                                                                                                                                                                                                                                                                SHA1:7aedb3b07f3de8793263d3c58f930379d5d7f2fd
                                                                                                                                                                                                                                                                                                                SHA256:1934cc0f8bd680d20eed2e2a88015319d27e31bf3f743d8fbda883ac3b07ae0d
                                                                                                                                                                                                                                                                                                                SHA512:a906084b057cb1df87cd99a70eeb172b62d5600e04fe0afa47f6700ddf478c15d6dbb2c124b9d0279fc6e6cdf1fe7ce80d41600668cf7d0527d4383815e280f1
                                                                                                                                                                                                                                                                                                                SSDEEP:3072:ubG7N2kDTHUpou7DoruORPzy5n+/mGCKXU7J:ubE/HUTMFRry5nmIt
                                                                                                                                                                                                                                                                                                                TLSH:22C3D06052D0C423C8635A30B9793F7B9EB5DD2256709E8317107E487E7EE829B1E363
                                                                                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........
                                                                                                                                                                                                                                                                                                                Icon Hash:45d44c7192498005
                                                                                                                                                                                                                                                                                                                Entrypoint:0x40352d
                                                                                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                                Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                                                                                                                                                                                                                                                                Signature Valid:true
                                                                                                                                                                                                                                                                                                                Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                                                                Error Number:0
Not Before: 08/05/2024 01:00:00
Not After: 13/02/2025 23:59:59
                                                                                                                                                                                                                                                                                                                Subject Chain
                                                                                                                                                                                                                                                                                                                • CN=FAST CORPORATION LTD, O=FAST CORPORATION LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL
                                                                                                                                                                                                                                                                                                                Version:3
                                                                                                                                                                                                                                                                                                                Thumbprint MD5:04786BD703B906E22AECB2AD38CE4D94
                                                                                                                                                                                                                                                                                                                Thumbprint SHA-1:07BE42727905BE32C822A638502C1B8FAAE6540A
                                                                                                                                                                                                                                                                                                                Thumbprint SHA-256:FDB017BB88E5D453E22A73810690C72534F58EFB109EA0D4494EC393F2307DBC
                                                                                                                                                                                                                                                                                                                Serial:0E5C655E1CBE9A8879372F58A5BC0302
                                                                                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                                                                                sub esp, 000003F4h
                                                                                                                                                                                                                                                                                                                push ebx
                                                                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                                                                push edi
                                                                                                                                                                                                                                                                                                                push 00000020h
                                                                                                                                                                                                                                                                                                                pop edi
                                                                                                                                                                                                                                                                                                                xor ebx, ebx
                                                                                                                                                                                                                                                                                                                push 00008001h
                                                                                                                                                                                                                                                                                                                mov dword ptr [ebp-14h], ebx
                                                                                                                                                                                                                                                                                                                mov dword ptr [ebp-04h], 0040A2E0h
                                                                                                                                                                                                                                                                                                                mov dword ptr [ebp-10h], ebx
                                                                                                                                                                                                                                                                                                                call dword ptr [004080CCh]
                                                                                                                                                                                                                                                                                                                mov esi, dword ptr [004080D0h]
                                                                                                                                                                                                                                                                                                                lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                                                                mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                                                                                                                                                                                                                mov dword ptr [ebp-2Ch], ebx
                                                                                                                                                                                                                                                                                                                mov dword ptr [ebp-28h], ebx
                                                                                                                                                                                                                                                                                                                mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                                                                                                                                                                                                                call esi
                                                                                                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                                                                                                jne 00007FB73451C5FAh
                                                                                                                                                                                                                                                                                                                lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                                                                                                                                                mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                                                                call esi
                                                                                                                                                                                                                                                                                                                mov ax, word ptr [ebp-0000012Ch]
                                                                                                                                                                                                                                                                                                                mov ecx, dword ptr [ebp-00000112h]
                                                                                                                                                                                                                                                                                                                sub ax, 00000053h
                                                                                                                                                                                                                                                                                                                add ecx, FFFFFFD0h
                                                                                                                                                                                                                                                                                                                neg ax
                                                                                                                                                                                                                                                                                                                sbb eax, eax
                                                                                                                                                                                                                                                                                                                mov byte ptr [ebp-26h], 00000004h
                                                                                                                                                                                                                                                                                                                not eax
                                                                                                                                                                                                                                                                                                                and eax, ecx
                                                                                                                                                                                                                                                                                                                mov word ptr [ebp-2Ch], ax
                                                                                                                                                                                                                                                                                                                cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                                                                                                                                                                                                                jnc 00007FB73451C5CAh
                                                                                                                                                                                                                                                                                                                and word ptr [ebp-00000132h], 0000h
                                                                                                                                                                                                                                                                                                                mov eax, dword ptr [ebp-00000134h]
                                                                                                                                                                                                                                                                                                                movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                                                                                                                                                                                                                mov dword ptr [00434FB8h], eax
                                                                                                                                                                                                                                                                                                                xor eax, eax
                                                                                                                                                                                                                                                                                                                mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                                                                                                                                                                                                                movzx eax, ax
                                                                                                                                                                                                                                                                                                                or eax, ecx
                                                                                                                                                                                                                                                                                                                xor ecx, ecx
                                                                                                                                                                                                                                                                                                                mov ch, byte ptr [ebp-2Ch]
                                                                                                                                                                                                                                                                                                                movzx ecx, cx
                                                                                                                                                                                                                                                                                                                shl eax, 10h
                                                                                                                                                                                                                                                                                                                or eax, ecx
                                                                                                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                                                                                                • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6c000 | 0x4f40 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1ad10 | 0x2968 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6897 | 0x6a00 | ce9df19df15aa7bfbc0a8d0af0b841d0 | False | 0.6661261792452831 | data | 6.458398214928006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a6 | 0x1600 | a118375c929d970903c1204233b7583d | False | 0.4392755681818182 | data | 5.024109281264143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2b018 | 0x600 | 82a10c59a8679bb952fc8316070b8a6c | False | 0.521484375 | data | 4.15458210408643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x36000 | 0x36000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x6c000 | 0x4f40 | 0x5000 | a2e7245f21c43e9cf81e95bf61434f20 | False | 0.101513671875 | data | 2.760850842403731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x6c208 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/m | English | United States | 0.036372224846480866
RT_DIALOG | 0x70430 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x70638 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x70730 | 0xa0 | data | English | United States | 0.60625
RT_DIALOG | 0x707d0 | 0xee | data | English | United States | 0.6302521008403361
RT_GROUP_ICON | 0x708c0 | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x708d8 | 0x240 | data | English | United States | 0.4895833333333333
RT_MANIFEST | 0x70b18 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:23.997999907 CEST1.1.1.1192.168.2.40xeb75No error (0)1715720427.rsc.cdn77.org212.102.56.178A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.000323057 CEST1.1.1.1192.168.2.40xeec3No error (0)repository.pcapp.store1715720427.rsc.cdn77.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.124334097 CEST1.1.1.1192.168.2.40xe23No error (0)google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.124346972 CEST1.1.1.1192.168.2.40x93e3No error (0)google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.146358967 CEST1.1.1.1192.168.2.40xb184No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.146598101 CEST1.1.1.1192.168.2.40xdcfaNo error (0)www.google.com142.250.185.132A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.153577089 CEST1.1.1.1192.168.2.40x4fc0No error (0)googleads.g.doubleclick.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.154086113 CEST1.1.1.1192.168.2.40x278bNo error (0)googleads.g.doubleclick.net142.250.181.226A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.159466028 CEST1.1.1.1192.168.2.40xcd2dNo error (0)td.doubleclick.net142.250.185.98A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.181185961 CEST1.1.1.1192.168.2.40xf6eeNo error (0)analytics.google.comanalytics-alv.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.181185961 CEST1.1.1.1192.168.2.40xf6eeNo error (0)analytics-alv.google.com216.239.32.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.181185961 CEST1.1.1.1192.168.2.40xf6eeNo error (0)analytics-alv.google.com216.239.36.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.181185961 CEST1.1.1.1192.168.2.40xf6eeNo error (0)analytics-alv.google.com216.239.38.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.181185961 CEST1.1.1.1192.168.2.40xf6eeNo error (0)analytics-alv.google.com216.239.34.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.182236910 CEST1.1.1.1192.168.2.40x7de1No error (0)analytics.google.comanalytics-alv.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.183372021 CEST1.1.1.1192.168.2.40x5c12No error (0)stats.g.doubleclick.net64.233.167.154A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.183372021 CEST1.1.1.1192.168.2.40x5c12No error (0)stats.g.doubleclick.net64.233.167.155A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.183372021 CEST1.1.1.1192.168.2.40x5c12No error (0)stats.g.doubleclick.net64.233.167.157A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:24.183372021 CEST1.1.1.1192.168.2.40x5c12No error (0)stats.g.doubleclick.net64.233.167.156A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.762130976 CEST1.1.1.1192.168.2.40x806aNo error (0)www.google.com142.250.185.100A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.762161016 CEST1.1.1.1192.168.2.40x350aNo error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.968780041 CEST1.1.1.1192.168.2.40xd338No error (0)googleads.g.doubleclick.net172.217.18.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.969943047 CEST1.1.1.1192.168.2.40x5b31No error (0)googleads.g.doubleclick.net65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.975752115 CEST1.1.1.1192.168.2.40x6e9bNo error (0)repository.pcapp.store1715720427.rsc.cdn77.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.981939077 CEST1.1.1.1192.168.2.40x1394No error (0)repository.pcapp.store1715720427.rsc.cdn77.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.981939077 CEST1.1.1.1192.168.2.40x1394No error (0)1715720427.rsc.cdn77.org207.211.211.27A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.981939077 CEST1.1.1.1192.168.2.40x1394No error (0)1715720427.rsc.cdn77.org169.150.255.183A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.981939077 CEST1.1.1.1192.168.2.40x1394No error (0)1715720427.rsc.cdn77.org169.150.255.181A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.981939077 CEST1.1.1.1192.168.2.40x1394No error (0)1715720427.rsc.cdn77.org212.102.56.179A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.981939077 CEST1.1.1.1192.168.2.40x1394No error (0)1715720427.rsc.cdn77.org195.181.175.41A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.981939077 CEST1.1.1.1192.168.2.40x1394No error (0)1715720427.rsc.cdn77.org195.181.170.19A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:25.981939077 CEST1.1.1.1192.168.2.40x1394No error (0)1715720427.rsc.cdn77.org37.19.194.80A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:26.956526041 CEST1.1.1.1192.168.2.40x6ad2No error (0)www.google.com142.250.186.100A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:26.957948923 CEST1.1.1.1192.168.2.40x5575No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:42.154088020 CEST1.1.1.1192.168.2.40x7c46Name error (3)206.23.85.13.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:43.787889957 CEST1.1.1.1192.168.2.40xdfcdName error (3)197.87.175.4.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:44.899425983 CEST1.1.1.1192.168.2.40x4ab5No error (0)pcapp.store45.32.1.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:44.899425983 CEST1.1.1.1192.168.2.40x4ab5No error (0)pcapp.store207.246.91.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:44.899425983 CEST1.1.1.1192.168.2.40x4ab5No error (0)pcapp.store104.248.126.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:44.899425983 CEST1.1.1.1192.168.2.40x4ab5No error (0)pcapp.store209.222.21.115A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:44.899425983 CEST1.1.1.1192.168.2.40x4ab5No error (0)pcapp.store64.176.203.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:44.899425983 CEST1.1.1.1192.168.2.40x4ab5No error (0)pcapp.store167.99.235.203A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:00:44.899425983 CEST1.1.1.1192.168.2.40x4ab5No error (0)pcapp.store159.223.126.41A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:01:24.210402012 CEST1.1.1.1192.168.2.40x5ed2No error (0)www.google.com142.250.186.100A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:02:09.504493952 CEST1.1.1.1192.168.2.40x8da2No error (0)d74queuslupub.cloudfront.net18.173.205.111A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:02:09.504493952 CEST1.1.1.1192.168.2.40x8da2No error (0)d74queuslupub.cloudfront.net18.173.205.117A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:02:09.504493952 CEST1.1.1.1192.168.2.40x8da2No error (0)d74queuslupub.cloudfront.net18.173.205.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                Oct 4, 2024 16:02:09.504493952 CEST1.1.1.1192.168.2.40x8da2No error (0)d74queuslupub.cloudfront.net18.173.205.24A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 207.246.91.177 | 443 | 7480 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:12 UTC | 260 | OUT | POST /inst_cpg.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&version=fa.1091x&src=pcapp_mini&uc=16le HTTP/1.1
Content-Type: application/json
User-Agent: NSIS_wininet
Host: pcapp.store
Content-Length: 2904
Cache-Control: no-cache
2024-10-04 14:00:12 UTC | 2904 | OUT | Data Ascii: {"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_
2024-10-04 14:00:12 UTC | 509 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:12 UTC | 229 | IN | Data Ascii: da{"cpg":"default","inst_excl":null,"inst_addon":{"eula":"skipped"},"inst_advanced":{"path":"1","startup":"1"}}0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49732        207.246.91.177  443               7480  C:\Users\user\Desktop\Setup.exe

Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:00:14 UTC  264  OUT  GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=show_page&p=wel&_fcid=1728048003008516 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-04 14:00:14 UTC  302  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:14 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:14 UTC  42  IN  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.4  49733        207.246.91.177  443               7480  C:\Users\user\Desktop\Setup.exe

Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:00:17 UTC  271  OUT  GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=show_page&p=installing&_fcid=1728048003008516 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-04 14:00:17 UTC  302  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:17 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:17 UTC  42  IN  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  49734        207.246.91.177  443               7480  C:\Users\user\Desktop\Setup.exe

Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:00:19 UTC  265  OUT  GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=start&permision=&_fcid=1728048003008516 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-04 14:00:19 UTC  302  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:19 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:19 UTC  42  IN  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.4  49735        207.246.91.177  443               7480  C:\Users\user\Desktop\Setup.exe

Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:00:20 UTC  263  OUT  GET /pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=fa.1091x&evt_src=fa_mini_installer&evt_action=download_start&_fcid=1728048003008516 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-04 14:00:20 UTC  302  IN  HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:20 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:20 UTC  42  IN  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
5           192.168.2.4  49738        104.248.126.225  443               7872  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:00:21 UTC  790  OUT  GET /installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa.1091x&nocache=20241004100016.659&_fcid=1728048003008516 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:21 UTC645INHTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:21 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Location: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49740 | 207.211.211.27 | 443 | 7480 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:21 UTC | 186 | OUT | GET /download.php?&src=mini_installer&file=1&mini_ver=fa.1091x HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: delivery.pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-10-04 14:00:21 UTC | 926 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:00:21 GMT
Content-Type: application/octet-stream
Content-Length: 93366688
Connection: close
Content-Description: File Transfer
Content-Disposition: attachment; filename="Setup.exe"
Expires: Fri, 04 Oct 2024 14:11:57 GMT
Cache-Control: max-age=900
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-77-NZT: EgwBz9PTGQGzfQUAAAwBJRPCLgG3zAAAAA
X-77-NZT-Ray: 43862e246428ddadf5f4ff669d8ec533
X-Accel-Expires: @1728051117
X-Accel-Date: 1728049016
X-Accel-Date-Max: 1728050217
X-77-Cache: HIT
X-77-Age: 204
Server: CDN77-Turbo
X-Cache: EXPIRED
X-Age: 1405
X-77-POP: frankfurtDE
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49741 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:21 UTC | 770 | OUT | GET /?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x HTTP/1.1
Host: pcapp.store
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:22 UTC | 585 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Set-Cookie: srcr=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49746 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:22 UTC | 709 | OUT | GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1709636059406 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:22 UTC | 350 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:22 GMT
Content-Type: text/css
Content-Length: 65638
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:22 UTC16034INData Raw: 2f 2a 21 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 76 38 2e 30 2e 31 20 7c 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 7c 20 67 69 74 68 75 62 2e 63 6f 6d 2f 6e 65 63 6f 6c 61 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 2a 2f 68 74 6d 6c 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 7d 6d 61 69 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 65 6d 3b 6d 61 72 67 69 6e 3a 30 2e 36 37 65 6d 20 30 7d 68 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 68 65 69 67
                                                                                                                                                                                                                                                                                                                Data Ascii: /*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:0.67em 0}hr{-webkit-box-sizing:content-box;box-sizing:content-box;heig
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:22 UTC16384INData Raw: 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 30 25 29 3b 77 69 64 74 68 3a 30 3b 68 65 69 67 68 74 3a 31 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 2d 77 65 62 6b 69 74 2d 67 72 61 64 69 65 6e 74 28 6c 69 6e 65 61 72 2c 20 6c 65 66 74 20 74 6f 70 2c 20 72 69 67 68 74 20 74 6f 70 2c 20 66 72 6f 6d 28 72 67 62 61 28 32 2c 30 2c 33 36 2c 30 29 29 2c 20 74 6f 28 23 33 36 38 33 66 37 29 29 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 39 30 64 65 67 2c 20 72 67 62 61 28 32 2c 30 2c 33 36 2c 30 29 20 30 25 2c 20 23 33 36 38 33 66 37 20 31 30 30 25 29 3b 7a 2d 69 6e 64 65 78 3a 31 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 64 6f 77 6e 6c 6f 61 64 69 6e 67 2d 73 70 69 6e 6e
                                                                                                                                                                                                                                                                                                                Data Ascii: transform:translateX(0%);width:0;height:10px;background:-webkit-gradient(linear, left top, right top, from(rgba(2,0,36,0)), to(#3683f7));background:linear-gradient(90deg, rgba(2,0,36,0) 0%, #3683f7 100%);z-index:10;-webkit-animation-name:downloading-spinn
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:22 UTC16384INData Raw: 34 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 35 3b 6f 72 64 65 72 3a 34 7d 2e 6f 72 64 65 72 2d 6d 64 2d 35 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 35 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 36 3b 6f 72 64 65 72 3a 35 7d 2e 6f 72 64 65 72 2d 6d 64 2d 36 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 36 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 37 3b 6f 72 64 65 72 3a 36 7d 2e 6f 72 64 65 72 2d 6d 64 2d 37 7b 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 37 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 38 3b 6f 72 64 65 72 3a 37 7d 2e 6f 72 64 65 72 2d 6d 64 2d 38 7b 2d 6d 73 2d 66 6c 65 78 2d 6f
                                                                                                                                                                                                                                                                                                                Data Ascii: 4;-webkit-box-ordinal-group:5;order:4}.order-md-5{-ms-flex-order:5;-webkit-box-ordinal-group:6;order:5}.order-md-6{-ms-flex-order:6;-webkit-box-ordinal-group:7;order:6}.order-md-7{-ms-flex-order:7;-webkit-box-ordinal-group:8;order:7}.order-md-8{-ms-flex-o
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:23 UTC16384INData Raw: 6e 3a 61 75 74 6f 20 21 69 6d 70 6f 72 74 61 6e 74 3b 61 6c 69 67 6e 2d 73 65 6c 66 3a 61 75 74 6f 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 61 6c 69 67 6e 2d 73 65 6c 66 2d 6c 67 2d 73 74 61 72 74 7b 2d 6d 73 2d 66 6c 65 78 2d 69 74 65 6d 2d 61 6c 69 67 6e 3a 73 74 61 72 74 20 21 69 6d 70 6f 72 74 61 6e 74 3b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 78 2d 73 74 61 72 74 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 61 6c 69 67 6e 2d 73 65 6c 66 2d 6c 67 2d 65 6e 64 7b 2d 6d 73 2d 66 6c 65 78 2d 69 74 65 6d 2d 61 6c 69 67 6e 3a 65 6e 64 20 21 69 6d 70 6f 72 74 61 6e 74 3b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 78 2d 65 6e 64 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 61 6c 69 67 6e 2d 73 65 6c 66 2d 6c 67 2d 63 65 6e 74 65 72 7b 2d 6d 73 2d 66 6c 65 78 2d 69 74 65
                                                                                                                                                                                                                                                                                                                Data Ascii: n:auto !important;align-self:auto !important}.align-self-lg-start{-ms-flex-item-align:start !important;align-self:flex-start !important}.align-self-lg-end{-ms-flex-item-align:end !important;align-self:flex-end !important}.align-self-lg-center{-ms-flex-ite
2024-10-04 14:00:23 UTC | 452 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: nline-block{display:inline-block !important}.d-print-block{display:block !important}.d-print-table{display:table !important}.d-print-table-row{display:table-row !important}.d-print-table-cell{display:table-cell !important}.d-print-flex{display:-ms-flexbox


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49751 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:23 UTC | 746 | OUT | GET /images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:23 UTC | 327 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:23 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                                                                                                                                                Content-Length: 162
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Location: https://repository.pcapp.store/pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg
                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
2024-10-04 14:00:23 UTC | 162 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49750 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:23 UTC | 634 | OUT | GET /src/main.js HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:23 UTC | 362 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:23 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/javascript
                                                                                                                                                                                                                                                                                                                Content-Length: 234
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:23 UTC | 234 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: if (typeof pixelEvent != "function") { var s1 = document.createElement("script"), s0 = document.getElementsByTagName("script")[0]; s1.src = "/src/main_code.js?nocache=1653281231692543"; s0.parentNode.insertBefore(s1, s0);}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49752 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:23 UTC | 694 | OUT | GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1709636059406 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:23 UTC | 363 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:23 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/javascript
                                                                                                                                                                                                                                                                                                                Content-Length: 9559
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:23 UTC | 9559 | IN | Data Ascii: "use strict";function _typeof(obj) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) { return typeof obj; } : function (obj) { return obj && "function" == typeof Symbol && ob


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49753 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:23 UTC | 733 | OUT | GET /images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://pcapp.store/lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1709636059406
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516
2024-10-04 14:00:23 UTC | 326 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 04 Oct 2024 14:00:23 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://repository.pcapp.store/pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg
Strict-Transport-Security: max-age=31536000; includeSubDomains
2024-10-04 14:00:23 UTC | 162 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49757 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:24 UTC | 378 | OUT | GET /src/main.js HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516
2024-10-04 14:00:24 UTC | 362 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:24 GMT
Content-Type: application/javascript
Content-Length: 234
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:24 UTC | 234 | IN | Data Ascii: if (typeof pixelEvent != "function") { var s1 = document.createElement("script"), s0 = document.getElementsByTagName("script")[0]; s1.src = "/src/main_code.js?nocache=1653281231692543"; s0.parentNode.insertBefore(s1, s0);}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49758 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:24 UTC | 438 | OUT | GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1709636059406 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516
2024-10-04 14:00:24 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:24 GMT
Content-Type: application/javascript
Content-Length: 9559
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:24 UTC | 9559 | IN | Data Ascii: "use strict";function _typeof(obj) { "@babel/helpers - typeof"; return _typeof = "function" == typeof Symbol && "symbol" == typeof Symbol.iterator ? function (obj) { return typeof obj; } : function (obj) { return obj && "function" == typeof Symbol && ob


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49774 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 924 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 74
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0
2024-10-04 14:00:25 UTC | 74 | OUT | Data Ascii: {"c":"front","a":"trigger","p":{"t":"finishInstallFa","ws":true,"add":{}}}
2024-10-04 14:00:25 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:25 UTC | 215 | IN | Data Ascii: cc{"state":"ok","result":"\n gtag('event', 'conversion', {\n 'send_to': 'AW-858128210\/kTaFCIuq0YYZENL-l5kD',\n 'value': 1.0,\n 'currency': 'USD',\n 'aw_remarketing_only': true\n });"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49762 | 195.181.170.18 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 677 | OUT | GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: repository.pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516
2024-10-04 14:00:25 UTC | 743 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: image/svg+xml
                                                                                                                                                                                                                                                                                                                Content-Length: 2118
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                x-amz-id-2: VnXbMdQrMnDZ7RxRcp9Z9nX5AOhWlZ7/zrE6KB6T0/LE6m3Vo4OpWV+2fZVthwSD1SjXgpKMgrE=
                                                                                                                                                                                                                                                                                                                x-amz-request-id: 0VTPN0WH96JBTFRZ
                                                                                                                                                                                                                                                                                                                Last-Modified: Wed, 28 Feb 2024 14:20:34 GMT
                                                                                                                                                                                                                                                                                                                ETag: "1039640cf0666a1621d55c9e9fa81439"
                                                                                                                                                                                                                                                                                                                x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                                                x-amz-version-id: TOr7Qz1D1UcT8CbM_PbCtRSNYTOORIzt
                                                                                                                                                                                                                                                                                                                X-77-NZT: EggBw7WqEQFBDAHUZjgRAbdX2QsA
                                                                                                                                                                                                                                                                                                                X-77-NZT-Ray: 4c156224b6e35371f9f4ff660c2d2d16
                                                                                                                                                                                                                                                                                                                X-Accel-Expires: @1728310690
                                                                                                                                                                                                                                                                                                                X-Accel-Date: 1727273890
                                                                                                                                                                                                                                                                                                                X-Accel-Date-Max: 1709647894
                                                                                                                                                                                                                                                                                                                X-77-Cache: HIT
                                                                                                                                                                                                                                                                                                                X-77-Age: 776535
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Server: CDN77-Turbo
                                                                                                                                                                                                                                                                                                                X-Cache: MISS
                                                                                                                                                                                                                                                                                                                X-77-POP: frankfurtDE
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:00:25 UTC | 2118 | IN | Data Ascii: <svg width="132" height="132" viewBox="0 0 132 132" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_279)"><path d="M16 12.5A4.5 4.5 0 0120.5 8h91a4.5 4.5 0 014.5 4.5v91a4.5 4.5 0 01-4.5 4.5h-91a4.5 4.5 0 01-4.5-4.5v-91z" fill=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49761 | 195.181.170.18 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 676 | OUT | GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: repository.pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516
2024-10-04 14:00:25 UTC | 743 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: image/svg+xml
                                                                                                                                                                                                                                                                                                                Content-Length: 3592
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                x-amz-id-2: nywV2cgHdFC+5xdm9q5od60Stg3WCOzqeJiCQmh/9pi5qHGFAVqmwlT3LQzNI89CByuRyfZdrqs=
                                                                                                                                                                                                                                                                                                                x-amz-request-id: 2BFZWZG0VPK7E67M
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 05 Mar 2024 14:14:52 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0ffc071bc5af33d2be224cf147670471"
                                                                                                                                                                                                                                                                                                                x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                                                x-amz-version-id: FNnKBFIISaAEe.nB17r6I4sGtXdi_uy2
                                                                                                                                                                                                                                                                                                                X-77-NZT: EggBw7WqEQFBDAHDta8GAbej0AYA
                                                                                                                                                                                                                                                                                                                X-77-NZT-Ray: 4c156224c1d75870f9f4ff66d6cd3916
                                                                                                                                                                                                                                                                                                                X-Accel-Expires: @1728640598
                                                                                                                                                                                                                                                                                                                X-Accel-Date: 1727603798
                                                                                                                                                                                                                                                                                                                X-Accel-Date-Max: 1726566987
                                                                                                                                                                                                                                                                                                                X-77-Cache: HIT
                                                                                                                                                                                                                                                                                                                X-77-Age: 446627
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Server: CDN77-Turbo
                                                                                                                                                                                                                                                                                                                X-Cache: MISS
                                                                                                                                                                                                                                                                                                                X-77-POP: frankfurtDE
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:00:25 UTC | 3592 | IN | Data Ascii: <svg width="107" height="109" viewBox="0 0 107 109" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_286)"><path d="M78.856 41.614c.048-.048.096-.048.096-.096.048-.048.048-.096.048-.143v-.192c0-.096-.048-.144-.096-.24a.84.84 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49773 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 926 | OUT | POST /pixelgif.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 351
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:25 UTC | 351 | OUT | Data Ascii: {"evt_src":"web","evt_action":"vistype","gpu":"Google, Vulkan 1.3.0 (SwiftShader Device (Subzero) (0x0000C0DE)), SwiftShader driver)","height":1280,"width":1024,"browser":"CH","browserver":117,"os":"10","cookies":1,"memory":8,"zoom":100,"video_input":0,"a
2024-10-04 14:00:25 UTC | 498 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:25 UTC | 106 | IN | Data Ascii: 5fPNGIHDR%VPLTEz=tRNS@fIDATc`!3IENDB`0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49769 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 924 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 96
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:25 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 7d 7d
                                                                                                                                                                                                                                                                                                                Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
2024-10-04 14:00:25 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:25 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49771 | 64.233.167.154 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 816 | OUT | POST /g/collect?v=2&tid=G-VFQWFX3X1C&cid=1613511744.1728050423&gtm=45je4a20v898645365za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101671035~101747727 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: stats.g.doubleclick.net
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:25 UTC | 842 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
                                                                                                                                                                                                                                                                                                                Server: Golfe2
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49770 | 216.239.32.181 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 1313 | OUT | POST /g/collect?v=2&tid=G-VFQWFX3X1C&gtm=45je4a20v898645365za200&_p=1728050422277&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101747727&cid=1613511744.1728050423&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728050423&sct=1&seg=0&dl=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&dt=APP%20STORE%3A%20Installing&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4274 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: analytics.google.com
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:25 UTC | 842 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
                                                                                                                                                                                                                                                                                                                Server: Golfe2
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49768 | 142.250.185.98 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 1437 | OUT | GET /td/rul/858128210?random=1728050423031&cv=11&fst=1728050423031&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config HTTP/1.1
Host: td.doubleclick.net
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://pcapp.store/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:25 UTC | 785 | IN | HTTP/1.1 200 OK
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 04 Oct 2024 14:00:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 04-Oct-2024 14:15:25 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Data Ascii: 61!4s*2A","metadata":["163766597928","688766820411",null,"20788079887",null,null,null,null,null,null,"7904705661"],"adRenderId":"3CYxCjH2Fj8","buyerReportingId":"1j7904705661!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=1637665


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49767 | 142.250.185.98 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 1435 | OUT | GET /td/rul/858128210?random=1728050423090&cv=11&fst=1728050423090&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view HTTP/1.1
Host: td.doubleclick.net
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://pcapp.store/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

2024-10-04 14:00:25 UTC | 785 | IN | HTTP/1.1 200 OK
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 04 Oct 2024 14:00:25 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 04-Oct-2024 14:15:25 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49765 | 142.250.181.226 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 1313 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1728050423031&cv=11&fst=1728050423031&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:25 UTC | 842 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 04-Oct-2024 14:15:25 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49772 | 142.250.185.98 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 957 | OUT | GET /td/ga/rul?tid=G-VFQWFX3X1C&gacid=1613511744.1728050423&gtm=45je4a20v898645365za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101747727&z=502626798 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: td.doubleclick.net
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:25 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 04-Oct-2024 14:15:25 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-10-04 14:00:25 UTC | 18 | IN | Data Raw: 64 0d 0a 3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: d<html></html>
2024-10-04 14:00:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49766 | 142.250.181.226 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 1311 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1728050423090&cv=11&fst=1728050423090&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:25 UTC | 842 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 04-Oct-2024 14:15:25 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49763 | 142.250.185.142 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:25 UTC | 980 | OUT | POST /ccm/form-data/858128210?gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&npa=0&frm=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:25 UTC | 840 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:25 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:57:0
                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:57:0"}],}
                                                                                                                                                                                                                                                                                                                Server: Golfe2
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49776 | 142.250.181.226 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 1365 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1728050424541&cv=11&fst=1728050424541&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:26 UTC | 842 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 04-Oct-2024 14:15:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49777 | 142.250.185.98 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 1489 | OUT | GET /td/rul/858128210?random=1728050424541&cv=11&fst=1728050424541&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: td.doubleclick.net
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:26 UTC | 785 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 04-Oct-2024 14:15:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
2024-10-04 14:00:26 UTC | 605 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: 8000<html><head><meta http-equiv="origin-trial" content="Avh5Ny0XEFCyQ7+oNieXskUrqY8edUzL5/XrwKlGjARQHW4TFRK+jVd5HnDIpY20n5OLHfgU4ku7x48N3uhG/A0AAABxeyJvcmlnaW4iOiJodHRwczovL2RvdWJsZWNsaWNrLm5ldDo0NDMiLCJmZWF0dXJlIjoiUHJpdmFjeVNhbmRib3hBZHNBUElzIiwiZXhw
2024-10-04 14:00:26 UTC | 1390 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: date?ig_name=4s1413056622.1728050423\u0026ig_key=1sNHMxNDEzMDU2NjIyLjE3MjgwNTA0MjM!2saNqQ-g!3sAAptDV79qvGK","trustedBiddingSignalsUrl":"https://td.doubleclick.net/td/bts","trustedBiddingSignalsKeys":["1sOxwLJg!2saNqQ-g!3sAAptDV79qvGK"],"userBiddingSignals
2024-10-04 14:00:26 UTC | 1390 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: 56",null,"20788079887",null,null,null,null,null,null,"596093288"],"adRenderId":"tlnjBsTWRIA","buyerReportingId":"1j596093288!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=163766597928\u0026cr_id=688766820453\u0026cv_id=0\u0026fo
2024-10-04 14:00:26 UTC | 1390 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: d=688766820432\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j596093288!4s*2A","metadata":["163766597928","688766820432",null,"20788079887",null,null,null,null,null,null,"596093288"],"adRenderId":"fi1nI
2024-10-04 14:00:26 UTC | 1390 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: ll,"596093288"],"adRenderId":"ODMiu5fqH9Y","buyerReportingId":"1j596093288!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156786411258\u0026cr_id=682239234212\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DA
2024-10-04 14:00:26 UTC | 1390 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: ${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8552333481!4s*2A","metadata":["156786411258","681164326060","1","20788079887",null,null,null,null,null,null,"8552333481"],"adRenderId":"GzzMePlhE28","buyerReportingId":"1j8552333481!4s*2A"},{"
2024-10-04 14:00:26 UTC | 1390 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: "buyerReportingId":"1j8552333481!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=158942860078\u0026cr_id=688857117563\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8552333481!4
2024-10-04 14:00:26 UTC | 1390 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: DATA}\u0026seat=2\u0026rp_id=r1j8552333481!4s*2A","metadata":["158942860078","688857117593",null,"20811380301",null,null,null,null,null,null,"8552333481"],"adRenderId":"UP3DZP9Wp0c","buyerReportingId":"1j8552333481!4s*2A"},{"renderUrl":"https://tdsf.doubl
2024-10-04 14:00:26 UTC | 1390 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: 481!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=158942860078\u0026cr_id=688857117725\u0026cv_id=0\u0026format=${AD_WIDTH}x${AD_HEIGHT}\u0026rds=${RENDER_DATA}\u0026seat=2\u0026rp_id=r1j8552333481!4s*2A","metadata":["1589428600
2024-10-04 14:00:26 UTC | 1390 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: r1j8552333481!4s*2A","metadata":["163766597928","688766820411",null,"20788079887",null,null,null,null,null,null,"8552333481"],"adRenderId":"6J-DqQSZUmE","buyerReportingId":"1j8552333481!4s*2A"},{"renderUrl":"https://tdsf.doubleclick.net/td/adfetch/gda?adg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49775 | 142.250.185.142 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 1007 | OUT | POST /ccm/form-data/858128210?gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&label=kTaFCIuq0YYZENL-l5kD&npa=0&frm=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: google.com
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:26 UTC840INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:57:0
                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:57:0"}],}
                                                                                                                                                                                                                                                                                                                Server: Golfe2
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49760 | 4.245.163.56 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=byR+Araygn2HoGg&MD=4T1WPHdf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-10-04 14:00:26 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: 7d300a1b-8309-4d4e-bd3e-cc17327f5207
MS-RequestId: b52aeb7f-56c7-4fde-9f10-87f60fa3a094
MS-CV: 2yPv56zm4kWDr5PD.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Fri, 04 Oct 2024 14:00:25 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49779 | 142.250.185.100 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 1440 | OUT | GET /pagead/1p-user-list/858128210/?random=1728050423031&cv=11&fst=1728050400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfMyJhrDhaB3exTGr8QiAbkrI9dhntbA&random=412081743&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://pcapp.store/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:26 UTC | 602 | IN | HTTP/1.1 200 OK
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 04 Oct 2024 14:00:26 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Content-Security-Policy: script-src 'none'; object-src 'none'
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close
2024-10-04 14:00:26 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                                Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49778 | 142.250.185.100 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 1439 | OUT | GET /pagead/1p-user-list/858128210/?random=1728050423090&cv=11&fst=1728050400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfHC5MIpIlTCTLIfAxrOxhncFxOihRsw&random=1571864367&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:26 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                Content-Length: 42
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close
2024-10-04 14:00:26 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                                Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49782 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 545 | OUT | GET /pixelgif.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:26 UTC | 448 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:26 UTC | 106 | IN | Data Raw: 35 66 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 0a 49 44 41 54 08 d7 63 60 00 00 00 02 00 01 e2 21 bc 33 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 5fPNGIHDR%VPLTEz=tRNS@fIDATc`!3IENDB`0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49783 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 544 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:26 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
2024-10-04 14:00:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49785 | 172.217.18.2 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 1182 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1728050423031&cv=11&fst=1728050423031&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: test_cookie=CheckForPermission
2024-10-04 14:00:26 UTC | 1011 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
                                                                                                                                                                                                                                                                                                                Set-Cookie: IDE=AHWqTUmCQf3zVTOZeg7Nd73ljQqOzkGMScAfRBARfDh3BniOcs7Ibc97NRYm7tWs; expires=Sun, 04-Oct-2026 14:00:26 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49786 | 207.211.211.27 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 613 | OUT | GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_windows_icon.svg HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: repository.pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:26 UTC | 743 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: image/svg+xml
                                                                                                                                                                                                                                                                                                                Content-Length: 2118
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                x-amz-id-2: VnXbMdQrMnDZ7RxRcp9Z9nX5AOhWlZ7/zrE6KB6T0/LE6m3Vo4OpWV+2fZVthwSD1SjXgpKMgrE=
                                                                                                                                                                                                                                                                                                                x-amz-request-id: 0VTPN0WH96JBTFRZ
                                                                                                                                                                                                                                                                                                                Last-Modified: Wed, 28 Feb 2024 14:20:34 GMT
                                                                                                                                                                                                                                                                                                                ETag: "1039640cf0666a1621d55c9e9fa81439"
                                                                                                                                                                                                                                                                                                                x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                                                x-amz-version-id: TOr7Qz1D1UcT8CbM_PbCtRSNYTOORIzt
                                                                                                                                                                                                                                                                                                                X-77-NZT: EggBz9PTGQFBDAHUZjgRAbdY2QsA
                                                                                                                                                                                                                                                                                                                X-77-NZT-Ray: 43862e248a248f8afaf4ff661f10a030
                                                                                                                                                                                                                                                                                                                X-Accel-Expires: @1728310690
                                                                                                                                                                                                                                                                                                                X-Accel-Date: 1727273890
                                                                                                                                                                                                                                                                                                                X-Accel-Date-Max: 1709647894
                                                                                                                                                                                                                                                                                                                X-77-Cache: HIT
                                                                                                                                                                                                                                                                                                                X-77-Age: 776536
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Server: CDN77-Turbo
                                                                                                                                                                                                                                                                                                                X-Cache: MISS
                                                                                                                                                                                                                                                                                                                X-77-POP: frankfurtDE
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:00:26 UTC | 2118 | IN | Data Ascii: <svg width="132" height="132" viewBox="0 0 132 132" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_279)"><path d="M16 12.5A4.5 4.5 0 0120.5 8h91a4.5 4.5 0 014.5 4.5v91a4.5 4.5 0 01-4.5 4.5h-91a4.5 4.5 0 01-4.5-4.5v-91z" fill=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49787 | 207.211.211.27 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 612 | OUT | GET /pcapp/images/front_img/lp/lpd_installing_r2/img/done_cursor_icon.svg HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: repository.pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:26 UTC | 743 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: image/svg+xml
                                                                                                                                                                                                                                                                                                                Content-Length: 3592
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                x-amz-id-2: nywV2cgHdFC+5xdm9q5od60Stg3WCOzqeJiCQmh/9pi5qHGFAVqmwlT3LQzNI89CByuRyfZdrqs=
                                                                                                                                                                                                                                                                                                                x-amz-request-id: 2BFZWZG0VPK7E67M
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 05 Mar 2024 14:14:52 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0ffc071bc5af33d2be224cf147670471"
                                                                                                                                                                                                                                                                                                                x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                                                x-amz-version-id: FNnKBFIISaAEe.nB17r6I4sGtXdi_uy2
                                                                                                                                                                                                                                                                                                                X-77-NZT: EggBz9PTGQFBDAHDta8GAbek0AYA
                                                                                                                                                                                                                                                                                                                X-77-NZT-Ray: 43862e24c1ff878afaf4ff6654108f30
                                                                                                                                                                                                                                                                                                                X-Accel-Expires: @1728640598
                                                                                                                                                                                                                                                                                                                X-Accel-Date: 1727603798
                                                                                                                                                                                                                                                                                                                X-Accel-Date-Max: 1726566987
                                                                                                                                                                                                                                                                                                                X-77-Cache: HIT
                                                                                                                                                                                                                                                                                                                X-77-Age: 446628
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Server: CDN77-Turbo
                                                                                                                                                                                                                                                                                                                X-Cache: MISS
                                                                                                                                                                                                                                                                                                                X-77-POP: frankfurtDE
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:00:26 UTC | 3592 | IN | Data Ascii: <svg width="107" height="109" viewBox="0 0 107 109" fill="none" xmlns="http://www.w3.org/2000/svg"><g filter="url(#filter0_d_539_286)"><path d="M78.856 41.614c.048-.048.096-.048.096-.096.048-.048.048-.096.048-.143v-.192c0-.096-.048-.144-.096-.24a.84.84 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49784 | 172.217.18.2 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:26 UTC | 1180 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1728050423090&cv=11&fst=1728050423090&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: test_cookie=CheckForPermission
2024-10-04 14:00:26 UTC | 1011 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:26 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
                                                                                                                                                                                                                                                                                                                Set-Cookie: IDE=AHWqTUlcbOxuZxAIRNVMJPCWhnNdoGA7tBsUBIgJYhf7UTU85FE6MI1VWNMYjRkY; expires=Sun, 04-Oct-2026 14:00:26 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49791 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:27 UTC | 544 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:27 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:27 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
2024-10-04 14:00:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49790 | 142.250.185.100 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:27 UTC | 1493 | OUT | GET /pagead/1p-user-list/858128210/?random=1728050424541&cv=11&fst=1728050400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfrQKJZqhbwCZL-JlMDajsFktEauMEvw&random=1288843383&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:28 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:27 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                Content-Length: 42
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close
2024-10-04 14:00:28 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                                Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49792 | 172.217.18.2 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:27 UTC | 1234 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1728050424541&cv=11&fst=1728050424541&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: test_cookie=CheckForPermission
2024-10-04 14:00:28 UTC | 1011 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:27 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
                                                                                                                                                                                                                                                                                                                Set-Cookie: IDE=AHWqTUkraNGVGru0vg0P6BQ6rpN9dwHIoRaybihmJ6mIOp_h81XMS5uQa9tHt37n; expires=Sun, 04-Oct-2026 14:00:27 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49794 | 142.250.186.100 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:27 UTC | 1209 | OUT | GET /pagead/1p-user-list/858128210/?random=1728050423031&cv=11&fst=1728050400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfMyJhrDhaB3exTGr8QiAbkrI9dhntbA&random=412081743&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:28 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:27 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                Content-Length: 42
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close
2024-10-04 14:00:28 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                                Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49795 | 142.250.186.100 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:27 UTC | 1208 | OUT | GET /pagead/1p-user-list/858128210/?random=1728050423090&cv=11&fst=1728050400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfHC5MIpIlTCTLIfAxrOxhncFxOihRsw&random=1571864367&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:28 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:27 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                Content-Length: 42
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close
2024-10-04 14:00:28 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                                Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49788 | 184.28.90.27 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:27 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                                                                                                                                                Host: fs.microsoft.com
2024-10-04 14:00:28 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                                                                                                                                Server: ECAcc (lpl/EF70)
                                                                                                                                                                                                                                                                                                                X-CID: 11
                                                                                                                                                                                                                                                                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                                                                                                                                                                                X-Ms-Region: prod-neu-z1
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=182686
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:27 GMT
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49797 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:28 UTC | 908 | OUT | GET /lp/appstore/img/favicon.ico HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:28 UTC | 307 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:28 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: image/x-icon
                                                                                                                                                                                                                                                                                                                Content-Length: 4286
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49796 | 184.28.90.27 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:28 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                                                                                                                                Range: bytes=0-2147483646
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                                                                                                                                                Host: fs.microsoft.com
2024-10-04 14:00:29 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                ApiVersion: Distribute 1.1
                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                                                                                                                                Server: ECAcc (lpl/EF06)
                                                                                                                                                                                                                                                                                                                X-CID: 11
                                                                                                                                                                                                                                                                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                                                                                                                                                                                X-Ms-Region: prod-weu-z1
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=182759
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:29 GMT
                                                                                                                                                                                                                                                                                                                Content-Length: 55
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                X-CID: 2
2024-10-04 14:00:29 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                                                                                                                                                                                                                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49802 | 142.250.186.100 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:29 UTC | 1262 | OUT | GET /pagead/1p-user-list/858128210/?random=1728050424541&cv=11&fst=1728050400000&bg=ffffff&guid=ON&async=1&gtm=45be4a20v9103256652za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&label=kTaFCIuq0YYZENL-l5kD&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&value=1&currency_code=USD&npa=0&pscdl=noapi&auid=1413056622.1728050423&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dconversion&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfrQKJZqhbwCZL-JlMDajsFktEauMEvw&random=1288843383&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:29 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                                                Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:29 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Content-Type: image/gif
                                                                                                                                                                                                                                                                                                                Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Server: cafe
                                                                                                                                                                                                                                                                                                                Content-Length: 42
                                                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close
2024-10-04 14:00:29 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                                Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49803 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:29 UTC | 560 | OUT | GET /lp/appstore/img/favicon.ico HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:29 UTC | 307 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:29 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: image/x-icon
                                                                                                                                                                                                                                                                                                                Content-Length: 4286
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49804 | 216.239.32.181 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:29 UTC | 1317 | OUT | POST /g/collect?v=2&tid=G-VFQWFX3X1C&gtm=45je4a20v898645365za200&_p=1728050422277&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101747727&cid=1613511744.1728050423&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1728050423&sct=1&seg=0&dl=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D71434D56-1548-ED3D-AEE6-C75AECD93BF0%26_fcid%3D1728048003008516%26_winver%3D19045%26version%3Dfa.1091x&dt=APP%20STORE%3A%20Installing&en=scroll&epn.percent_scrolled=90&_et=63&tfd=9344 HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: analytics.google.com
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
2024-10-04 14:00:29 UTC | 842 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:29 GMT
                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
                                                                                                                                                                                                                                                                                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                                                                                                                                                                                                                                                                                                                Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
                                                                                                                                                                                                                                                                                                                Server: Golfe2
                                                                                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49805 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:29 UTC | 924 | OUT | POST /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 96
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:29 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 7d 7d
                                                                                                                                                                                                                                                                                                                Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
2024-10-04 14:00:29 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:29 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:29 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49807 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:30 UTC | 544 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:30 UTC211INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:30 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                53192.168.2.449808104.248.126.2254437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:34 UTC924OUTPOST /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 96
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:34 UTC96OUTData Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 7d 7d
                                                                                                                                                                                                                                                                                                                Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:34 UTC551INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:34 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:34 UTC44INData Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 21{"state":"ok","result":"no info"}0


                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                54192.168.2.44980945.32.1.234437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:35 UTC544OUTGET /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:35 UTC211INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:35 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                55192.168.2.449810104.248.126.2254437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:39 UTC924OUTPOST /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                Content-Length: 96
                                                                                                                                                                                                                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://pcapp.store
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:39 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 7d 7d
Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
2024-10-04 14:00:39 UTC | 551 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://pcapp.store
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:39 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49811 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:40 UTC | 544 | OUT | GET /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:40 UTC | 211 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 04 Oct 2024 14:00:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
2024-10-04 14:00:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 63056 | 13.85.23.206 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:42 UTC | 142 | OUT | GET /clientwebservice/ping HTTP/1.1
Connection: Keep-Alive
User-Agent: DNS resiliency checker/1.0
Host: fe3cr.delivery.mp.microsoft.com
2024-10-04 14:00:43 UTC | 234 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
Date: Fri, 04 Oct 2024 14:00:42 GMT
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 63058 | 4.175.87.197 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:44 UTC | 124 | OUT | GET /sls/ping HTTP/1.1
Connection: Keep-Alive
User-Agent: DNS resiliency checker/1.0
Host: slscr.update.microsoft.com
2024-10-04 14:00:44 UTC | 318 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
MS-CV: KonaBc3us0uI9oqK.0
MS-RequestId: eda7c331-01b6-4077-8374-bdbf96543fe6
MS-CorrelationId: 6de807bf-a27e-4fac-b70a-4ae38c4feccd
X-Content-Type-Options: nosniff
Date: Fri, 04 Oct 2024 14:00:44 GMT
Connection: close
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 63059 | 104.248.126.225 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:44 UTC | 924 | OUT | POST /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
Content-Length: 96
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://pcapp.store
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:44 UTC96OUTData Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 7d 7d
                                                                                                                                                                                                                                                                                                                Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:44 UTC551INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:44 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:44 UTC44INData Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 63060 | 45.32.1.234 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:45 UTC | 544 | OUT | GET /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:45 UTC | 211 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 04 Oct 2024 14:00:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
2024-10-04 14:00:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 63061 | 4.245.163.56 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:46 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=byR+Araygn2HoGg&MD=4T1WPHdf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-10-04 14:00:47 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: f800acf8-0fc9-45ad-87e8-ac611ed1e5df
MS-RequestId: 596045d3-22b0-455b-8a1b-25867eafd38d
MS-CV: rrVM6cMJZEm42p6Z.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Fri, 04 Oct 2024 14:00:46 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 63062 | 4.245.163.56 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:48 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=byR+Araygn2HoGg&MD=4T1WPHdf HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-10-04 14:00:48 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                                                                                                ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                                                                                                                                                                                MS-CorrelationId: 23a42456-21ef-4d47-a389-dcaa8b985085
                                                                                                                                                                                                                                                                                                                MS-RequestId: 698a36b2-f826-47b3-8cae-171f8a9e2969
                                                                                                                                                                                                                                                                                                                MS-CV: /6nyQI1uwk+FBrFL.0
                                                                                                                                                                                                                                                                                                                X-Microsoft-SLSClientCache: 1440
                                                                                                                                                                                                                                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:48 GMT
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Content-Length: 30005


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 63063 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:49 UTC | 924 | OUT | POST /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
Content-Length: 96
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://pcapp.store
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:49 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 7d 7d
Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
2024-10-04 14:00:49 UTC | 551 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:49 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://pcapp.store
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:49 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.4 | 63064 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:50 UTC | 544 | OUT | GET /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:50 UTC | 211 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 04 Oct 2024 14:00:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
2024-10-04 14:00:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 63065 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:54 UTC | 924 | OUT | POST /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
Content-Length: 96
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:54 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 7d 7d
                                                                                                                                                                                                                                                                                                                Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
2024-10-04 14:00:54 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:54 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:54 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.4 | 63066 | 45.32.1.234 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:55 UTC | 544 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:55 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:55 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
2024-10-04 14:00:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.2.4 | 63067 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:59 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:00:59 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:00:59 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                Content-Length: 218853
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Cache-Control: public
                                                                                                                                                                                                                                                                                                                Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DCE1521DF74B57"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 90766f9b-701e-006f-578c-15afc4000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140059Z-15767c5fc55rg5b7sh1vuv8t7n0000000cvg00000000q22r
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:59 UTC16384INData Raw: 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20
                                                                                                                                                                                                                                                                                                                Data Ascii: T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32"
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:59 UTC16384INData Raw: 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f
                                                                                                                                                                                                                                                                                                                Data Ascii: "0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Co
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:59 UTC16384INData Raw: 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C>
                                                                                                                                                                                                                                                                                                                2024-10-04 14:00:59 UTC16384INData Raw: 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63
                                                                                                                                                                                                                                                                                                                Data Ascii: <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMillisec
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:00 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e
                                                                                                                                                                                                                                                                                                                Data Ascii: R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIn
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:00 UTC16384INData Raw: 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                                                Data Ascii: R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L>
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:00 UTC16384INData Raw: 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                                                                                                                                                                                                                                                                                                Data Ascii: T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 63068 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:00:59 UTC | 924 | OUT | POST /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
Content-Length: 96
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://pcapp.store
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:00:59 UTC | 96 | OUT | Data Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 7d 7d
Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
2024-10-04 14:00:59 UTC | 551 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 04 Oct 2024 14:00:59 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Access-Control-Allow-Origin: https://pcapp.store
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:00:59 UTC | 44 | IN | Data Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
Data Ascii: 21{"state":"ok","result":"no info"}0


                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                69192.168.2.46306945.32.1.234437872C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:00 UTC544OUTGET /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:01:00 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:00 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
2024-10-04 14:01:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.4 | 63074 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:00 UTC | 192 | OUT | GET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:00 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 408
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB56D3AFB"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 4b0a31e7-c01e-00ad-448c-15a2b9000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140100Z-15767c5fc55gs96cphvgp5f5vc0000000ckg0000000087x6
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:00 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.2.4 | 63071 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:00 UTC | 192 | OUT | GET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:00 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 450
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BD4C869AE"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: b9d87bc4-001e-008d-138c-15d91e000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140100Z-15767c5fc55fdfx81a30vtr1fw0000000d20000000000fea
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:00 UTC | 450 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.2.4 | 63072 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:00 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:00 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:00 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 2980
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BA80D96A1"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: b9d87bc3-001e-008d-128c-15d91e000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140100Z-15767c5fc55gs96cphvgp5f5vc0000000cm0000000006khz
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:00 UTC | 2980 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.2.4 | 63073 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:00 UTC | 192 | OUT | GET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:00 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:00 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 2160
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BA3B95D81"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 39d43082-801e-00ac-658c-15fd65000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140100Z-15767c5fc55qkvj6n60pxm9mbw00000001v0000000006nx5
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:00 UTC | 2160 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.2.4 | 63070 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:00 UTC | 193 | OUT | GET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:00 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:00 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 3788
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BAC2126A6"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 1cc2ff82-e01e-0071-478c-1508e7000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140100Z-15767c5fc55dtdv4d4saq7t47n0000000c9000000000qafs
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:00 UTC | 3788 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.2.4 | 63075 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:01 UTC | 192 | OUT | GET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:01 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:01 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 474
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B9964B277"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: aa8826a4-b01e-0053-608c-15cdf8000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140101Z-15767c5fc55d6fcl6x6bw8cpdc0000000cm00000000057sx
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:01 UTC | 474 | IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
76 | 192.168.2.4 | 63076 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:01 UTC | 192 | OUT | GET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:01 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 415
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B9F6F3512"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 757ce4f4-401e-000a-128c-154a7b000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140101Z-15767c5fc55472x4k7dmphmadg0000000c6000000000qvz7
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:01 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.2.4 | 63078 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:01 UTC | 192 | OUT | GET /rules/rule120613v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:01 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:01 GMT
Content-Type: text/xml
Content-Length: 632
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
ETag: "0x8DC582BB6E3779E"
x-ms-request-id: 3a0dc1eb-601e-0032-608c-15eebb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140101Z-15767c5fc55xsgnlxyxy40f4m00000000ch000000000cmb8
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:01 UTC | 632 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.2.4 | 63077 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:01 UTC | 192 | OUT | GET /rules/rule120612v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:01 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:01 GMT
Content-Type: text/xml
Content-Length: 471
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
ETag: "0x8DC582BB10C598B"
x-ms-request-id: 24b39cfc-301e-0096-2a8c-15e71d000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140101Z-15767c5fc55rg5b7sh1vuv8t7n0000000d20000000000fz8
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:01 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.2.4 | 63079 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:01 UTC | 192 | OUT | GET /rules/rule120614v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:01 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:01 GMT
Content-Type: text/xml
Content-Length: 467
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
ETag: "0x8DC582BA6C038BC"
x-ms-request-id: b2393cc3-501e-005b-768c-15d7f7000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140101Z-15767c5fc55whfstvfw43u8fp40000000cqg00000000m764
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:01 UTC  467                IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
80          192.168.2.4  63080        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:02 UTC  192                OUT        GET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:02 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:02 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 407
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BBAD04B7B"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 023e3708-a01e-003d-568c-1598d7000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140102Z-15767c5fc55qdcd62bsn50hd6s0000000c9g00000000q067
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:02 UTC  407                IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID  Source IP    Source Port  Destination IP  Destination Port
81          192.168.2.4  63082        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:02 UTC  192                OUT        GET /rules/rule120617v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:02 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:02 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 427
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BA310DA18"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 1cc301ca-e01e-0071-6f8c-1508e7000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140102Z-15767c5fc55d6fcl6x6bw8cpdc0000000cfg00000000hemn
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:02 UTC  427                IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID  Source IP    Source Port  Destination IP  Destination Port
82          192.168.2.4  63081        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:02 UTC  192                OUT        GET /rules/rule120616v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:02 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:02 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 486
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB344914B"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 1cc301c6-e01e-0071-6b8c-1508e7000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140102Z-15767c5fc55ncqdn59ub6rndq00000000c6000000000pphz
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:02 UTC  486                IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
83          192.168.2.4  63083        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:02 UTC  192                OUT        GET /rules/rule120618v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:02 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:02 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 486
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B9018290B"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: e0871f45-901e-00a0-0d8c-156a6d000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140102Z-15767c5fc55jdxmppy6cmd24bn00000004v000000000e6pn
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:02 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
84 | 192.168.2.4 | 63084 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:02 UTC | 192 | OUT | GET /rules/rule120619v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:02 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:02 GMT
Content-Type: text/xml
Content-Length: 407
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
ETag: "0x8DC582B9698189B"
x-ms-request-id: 023e3944-a01e-003d-708c-1598d7000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140102Z-15767c5fc55qkvj6n60pxm9mbw00000001s000000000gxa1
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:02 UTC | 407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
85 | 192.168.2.4 | 63085 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:03 UTC | 192 | OUT | GET /rules/rule120620v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:03 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:03 GMT
Content-Type: text/xml
Content-Length: 469
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
ETag: "0x8DC582BBA701121"
x-ms-request-id: a68dfe67-f01e-0052-588c-159224000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140103Z-15767c5fc55jdxmppy6cmd24bn00000004u000000000h72n
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:03 UTC | 469 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                86192.168.2.46308613.107.246.60443
                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:03 UTC192OUTGET /rules/rule120621v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:03 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 415
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BA41997E3"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: c54fb296-901e-008f-528c-1567a6000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140103Z-15767c5fc55n4msds84xh4z67w000000069g00000000g7dm
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:03 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
87 | 192.168.2.4 | 63087 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:03 UTC | 192 | OUT | GET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:03 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 477
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB8CEAC16"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 24b39fc0-301e-0096-298c-15e71d000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140103Z-15767c5fc55d6fcl6x6bw8cpdc0000000ceg00000000mpxr
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:03 UTC | 477 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.2.4 | 63088 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:03 UTC | 192 | OUT | GET /rules/rule120623v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:03 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 464
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B97FB6C3C"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: dc68ccfc-201e-006e-438c-15bbe3000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140103Z-15767c5fc55v7j95gq2uzq37a00000000cug00000000f08n
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:03 UTC | 464 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


Session ID | Source IP | Source Port | Destination IP | Destination Port
89 | 192.168.2.4 | 63089 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:03 UTC | 192 | OUT | GET /rules/rule120624v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:03 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 494
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB7010D66"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 79ade187-001e-0065-788c-150b73000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140103Z-15767c5fc55rv8zjq9dg0musxg0000000crg000000001h28
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:03 UTC | 494 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
90 | 192.168.2.4 | 63090 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:03 UTC | 192 | OUT | GET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:04 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:03 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 419
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B9748630E"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 0da94923-701e-0097-168c-15b8c1000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140103Z-15767c5fc55v7j95gq2uzq37a00000000ctg00000000k5zc
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:04 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID  Source IP  Source Port  Destination IP  Destination Port
91  192.168.2.4  63091  13.107.246.60  443
Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:01:03 UTC  192  OUT  GET /rules/rule120626v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:04 UTC  470  IN  HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:04 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
ETag: "0x8DC582B9DACDF62"
x-ms-request-id: 8e9c869d-201e-000c-4b8c-1579c4000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140104Z-15767c5fc55tsfp92w7yna557w0000000chg00000000pdhz
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:04 UTC  472  IN  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP  Source Port  Destination IP  Destination Port
92  192.168.2.4  63093  13.107.246.60  443
Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:01:03 UTC  192  OUT  GET /rules/rule120628v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:04 UTC  470  IN  HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:04 GMT
Content-Type: text/xml
Content-Length: 468
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
ETag: "0x8DC582B9C8E04C8"
x-ms-request-id: 09e6f7ee-001e-0034-548c-15dd04000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140104Z-15767c5fc55sdcjq8ksxt4n9mc00000001zg000000008pte
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:04 UTC  468  IN  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP  Source Port  Destination IP  Destination Port
93  192.168.2.4  63094  13.107.246.60  443
Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:01:04 UTC  192  OUT  GET /rules/rule120629v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:04 UTC  470  IN  HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:04 GMT
Content-Type: text/xml
Content-Length: 428
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
ETag: "0x8DC582BAC4F34CA"
x-ms-request-id: 82f8b22c-c01e-0014-5a8c-15a6a3000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140104Z-15767c5fc554l9xf959gp9cb1s00000006ug0000000099db
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:04 UTC  428  IN  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
94 | 192.168.2.4 | 63092 | 13.107.246.60 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:04 UTC | 192 | OUT | GET /rules/rule120627v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:04 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:04 GMT
Content-Type: text/xml
Content-Length: 404
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
ETag: "0x8DC582B9E8EE0F3"
x-ms-request-id: 4f10c824-e01e-0085-1c8c-15c311000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140104Z-15767c5fc55jdxmppy6cmd24bn00000004x00000000083hn
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:04 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


Session ID | Source IP | Source Port | Destination IP | Destination Port
95 | 192.168.2.4 | 63095 | 13.107.246.60 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:04 UTC | 192 | OUT | GET /rules/rule120631v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:04 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:04 GMT
Content-Type: text/xml
Content-Length: 415
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
ETag: "0x8DC582B988EBD12"
x-ms-request-id: 6a901ce3-301e-005d-708c-15e448000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140104Z-15767c5fc55rg5b7sh1vuv8t7n0000000d00000000008r3q
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:04 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
96 | 192.168.2.4 | 63096 | 13.107.246.60 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:04 UTC | 192 | OUT | GET /rules/rule120630v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:04 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:04 GMT
Content-Type: text/xml
Content-Length: 499
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
ETag: "0x8DC582B98CEC9F6"
x-ms-request-id: 30fd46b0-d01e-00a1-368c-1535b1000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140104Z-15767c5fc55w69c2zvnrz0gmgw0000000cug00000000gk6x
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:04 UTC | 499 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 63099 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:04 UTC | 924 | OUT | POST /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
Content-Length: 96
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://pcapp.store
Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:04 UTC96OUTData Raw: 7b 22 63 22 3a 22 66 72 6f 6e 74 2f 69 6e 73 74 61 6c 6c 69 6e 67 22 2c 22 61 22 3a 22 69 6e 73 74 61 6c 6c 53 74 61 74 75 73 22 2c 22 70 22 3a 7b 22 67 75 69 64 22 3a 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 22 7d 7d
                                                                                                                                                                                                                                                                                                                Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:04 UTC551INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:04 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:04 UTC44INData Raw: 32 31 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 22 6e 6f 20 69 6e 66 6f 22 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port
98 | 192.168.2.4 | 63097 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:04 UTC | 192 | OUT | GET /rules/rule120632v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:04 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:04 GMT
Content-Type: text/xml
Content-Length: 471
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
ETag: "0x8DC582BB5815C4C"
x-ms-request-id: 75493038-e01e-00aa-508c-15ceda000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140104Z-15767c5fc55v7j95gq2uzq37a00000000cr000000000qyzk
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:04 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
99 | 192.168.2.4 | 63098 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:04 UTC | 192 | OUT | GET /rules/rule120633v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:04 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:04 GMT
Content-Type: text/xml
Content-Length: 419
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
ETag: "0x8DC582BB32BB5CB"
x-ms-request-id: 6a54f784-b01e-0097-0be7-154f33000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140104Z-15767c5fc55gq5fmm10nm5qqr80000000cq000000000gzwt
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:04 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
100 | 192.168.2.4 | 63100 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:05 UTC | 192 | OUT | GET /rules/rule120634v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:05 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:05 GMT
Content-Type: text/xml
Content-Length: 494
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB8972972"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 831ef799-b01e-0098-7b8c-15cead000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140105Z-15767c5fc55rg5b7sh1vuv8t7n0000000d20000000000g62
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:05 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.4 | 63104 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:05 UTC | 544 | OUT | GET /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:01:05 UTC | 211 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 04 Oct 2024 14:01:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
2024-10-04 14:01:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
102 | 192.168.2.4 | 63101 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:05 UTC | 192 | OUT | GET /rules/rule120636v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:05 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:05 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
ETag: "0x8DC582B9D43097E"
x-ms-request-id: 4b0a3852-c01e-00ad-3b8c-15a2b9000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140105Z-15767c5fc55tsfp92w7yna557w0000000ck000000000p2sf
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:05 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
103 | 192.168.2.4 | 63102 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:05 UTC | 192 | OUT | GET /rules/rule120635v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:05 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:05 GMT
Content-Type: text/xml
Content-Length: 420
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
ETag: "0x8DC582B9DAE3EC0"
x-ms-request-id: a7623418-001e-00a2-348c-15d4d5000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140105Z-15767c5fc55xsgnlxyxy40f4m00000000ce000000000nq25
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:05 UTC | 420 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


Session ID  Source IP    Source Port  Destination IP  Destination Port
104         192.168.2.4  63103        13.107.246.60   443

Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:05 UTC  192                OUT        GET /rules/rule120637v0s19.xml HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Accept-Encoding: gzip
                                                       User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                       Host: otelrules.azureedge.net
2024-10-04 14:01:05 UTC  470                IN         HTTP/1.1 200 OK
                                                       Date: Fri, 04 Oct 2024 14:01:05 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 427
                                                       Connection: close
                                                       Cache-Control: public, max-age=604800, immutable
                                                       Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                       ETag: "0x8DC582BA909FA21"
                                                       x-ms-request-id: eccf174e-001e-0079-238c-1512e8000000
                                                       x-ms-version: 2018-03-28
                                                       x-azure-ref: 20241004T140105Z-15767c5fc55rv8zjq9dg0musxg0000000cqg000000005ab9
                                                       x-fd-int-roxy-purgeid: 0
                                                       X-Cache: TCP_HIT
                                                       Accept-Ranges: bytes
2024-10-04 14:01:05 UTC  427                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID  Source IP    Source Port  Destination IP  Destination Port
105         192.168.2.4  63105        13.107.246.60   443

Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:05 UTC  192                OUT        GET /rules/rule120638v0s19.xml HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Accept-Encoding: gzip
                                                       User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                       Host: otelrules.azureedge.net
2024-10-04 14:01:05 UTC  470                IN         HTTP/1.1 200 OK
                                                       Date: Fri, 04 Oct 2024 14:01:05 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 486
                                                       Connection: close
                                                       Cache-Control: public, max-age=604800, immutable
                                                       Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                       ETag: "0x8DC582B92FCB436"
                                                       x-ms-request-id: 76615707-c01e-0082-6a8c-15af72000000
                                                       x-ms-version: 2018-03-28
                                                       x-azure-ref: 20241004T140105Z-15767c5fc55852fxfeh7csa2dn0000000ckg000000008rxh
                                                       x-fd-int-roxy-purgeid: 0
                                                       X-Cache: TCP_HIT
                                                       Accept-Ranges: bytes
2024-10-04 14:01:05 UTC  486                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
106         192.168.2.4  63106        13.107.246.60   443

Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:05 UTC  192                OUT        GET /rules/rule120639v0s19.xml HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Accept-Encoding: gzip
                                                       User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                       Host: otelrules.azureedge.net
2024-10-04 14:01:05 UTC  470                IN         HTTP/1.1 200 OK
                                                       Date: Fri, 04 Oct 2024 14:01:05 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 423
                                                       Connection: close
                                                       Cache-Control: public, max-age=604800, immutable
                                                       Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                       ETag: "0x8DC582BB7564CE8"
                                                       x-ms-request-id: bb2e28bd-501e-0016-0b8c-15181b000000
                                                       x-ms-version: 2018-03-28
                                                       x-azure-ref: 20241004T140105Z-15767c5fc55fdfx81a30vtr1fw0000000d10000000004ecp
                                                       x-fd-int-roxy-purgeid: 0
                                                       X-Cache: TCP_HIT
                                                       Accept-Ranges: bytes
2024-10-04 14:01:05 UTC  423                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


Session ID  Source IP    Source Port  Destination IP  Destination Port
107         192.168.2.4  63107        13.107.246.60   443

Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:06 UTC  192                OUT        GET /rules/rule120640v0s19.xml HTTP/1.1
                                                       Connection: Keep-Alive
                                                       Accept-Encoding: gzip
                                                       User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                       Host: otelrules.azureedge.net
2024-10-04 14:01:06 UTC  470                IN         HTTP/1.1 200 OK
                                                       Date: Fri, 04 Oct 2024 14:01:06 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 478
                                                       Connection: close
                                                       Cache-Control: public, max-age=604800, immutable
                                                       Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                       ETag: "0x8DC582B9B233827"
                                                       x-ms-request-id: 4da5bf60-a01e-0070-668c-15573b000000
                                                       x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140106Z-15767c5fc55852fxfeh7csa2dn0000000chg00000000crke
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:06 UTC | 478 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
108 | 192.168.2.4 | 63109 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:06 UTC | 192 | OUT | GET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:06 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:06 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 468
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB046B576"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 8789ddbb-a01e-0084-6a8c-159ccd000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140106Z-15767c5fc55xsgnlxyxy40f4m00000000cng0000000004ch
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:06 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
109 | 192.168.2.4 | 63108 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:06 UTC | 192 | OUT | GET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:06 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:06 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 404
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B95C61A3C"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 0dcb6c6d-e01e-0003-668c-150fa8000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140106Z-15767c5fc55jdxmppy6cmd24bn00000004z00000000006xe
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:06 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


Session ID | Source IP | Source Port | Destination IP | Destination Port
110 | 192.168.2.4 | 63110 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:06 UTC | 192 | OUT | GET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:06 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:06 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 400
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB2D62837"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 9bed673a-001e-0046-278c-15da4b000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140106Z-15767c5fc55v7j95gq2uzq37a00000000cs000000000pzdt
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:06 UTC | 400 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


Session ID | Source IP | Source Port | Destination IP | Destination Port
111 | 192.168.2.4 | 63111 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:06 UTC | 192 | OUT | GET /rules/rule120644v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:06 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:06 GMT
Content-Type: text/xml
Content-Length: 479
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
ETag: "0x8DC582BB7D702D0"
x-ms-request-id: 772ea1ab-e01e-003c-188c-15c70b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140106Z-15767c5fc55rv8zjq9dg0musxg0000000cqg000000005ade
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:06 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
112 | 192.168.2.4 | 63112 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:07 UTC | 192 | OUT | GET /rules/rule120645v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:07 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:07 GMT
Content-Type: text/xml
Content-Length: 425
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
ETag: "0x8DC582BBA25094F"
x-ms-request-id: 3a0dcc46-601e-0032-6c8c-15eebb000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140107Z-15767c5fc55gs96cphvgp5f5vc0000000cn0000000002ggf
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:07 UTC | 425 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


Session ID | Source IP | Source Port | Destination IP | Destination Port
113 | 192.168.2.4 | 63114 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:07 UTC | 192 | OUT | GET /rules/rule120647v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:07 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:07 GMT
Content-Type: text/xml
Content-Length: 448
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
ETag: "0x8DC582BB389F49B"
x-ms-request-id: 1f480944-c01e-002b-018c-156e00000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140107Z-15767c5fc55v7j95gq2uzq37a00000000csg00000000my92
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:07 UTC | 448 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


Session ID | Source IP | Source Port | Destination IP | Destination Port
114 | 192.168.2.4 | 63113 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:07 UTC | 192 | OUT | GET /rules/rule120646v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:07 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:07 GMT
Content-Type: text/xml
Content-Length: 475
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
ETag: "0x8DC582BB2BE84FD"
x-ms-request-id: 15fe0b87-a01e-0002-3b8c-155074000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140107Z-15767c5fc55n4msds84xh4z67w000000066000000000sv1s
x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:07 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
115 | 192.168.2.4 | 63115 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:07 UTC | 192 | OUT | GET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:07 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:07 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 491
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B98B88612"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: c54fbac1-901e-008f-588c-1567a6000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140107Z-15767c5fc55rv8zjq9dg0musxg0000000cmg00000000fbts
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:07 UTC | 491 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
116 | 192.168.2.4 | 63116 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:07 UTC | 192 | OUT | GET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:07 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:07 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 416
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BAEA4B445"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 75858473-001e-000b-318c-1515a7000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140107Z-15767c5fc55qkvj6n60pxm9mbw00000001qg00000000n8un
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:07 UTC | 416 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


Session ID | Source IP | Source Port | Destination IP | Destination Port
117 | 192.168.2.4 | 63118 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:07 UTC | 192 | OUT | GET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:08 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:07 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 415
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BA80D96A1"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: b9a197f6-401e-0078-3b8c-154d34000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140107Z-15767c5fc5546rn6ch9zv310e000000005q00000000027rg
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:08 UTC | 415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


Session ID | Source IP | Source Port | Destination IP | Destination Port
118 | 192.168.2.4 | 63117 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:07 UTC | 192 | OUT | GET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:08 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:07 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 479
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B989EE75B"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 76252b1b-c01e-0066-488c-15a1ec000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140107Z-15767c5fc55qkvj6n60pxm9mbw00000001w0000000002eby
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:08 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
119 | 192.168.2.4 | 63119 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:07 UTC | 192 | OUT | GET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:08 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:07 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 471
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B97E6FCDD"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: b83a8dc4-f01e-003f-308c-15d19d000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140107Z-15767c5fc55rv8zjq9dg0musxg0000000crg000000001hc1
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:08 UTC | 471 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
120 | 192.168.2.4 | 63120 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:08 UTC | 192 | OUT | GET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:08 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:08 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 419
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B9C710B28"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 2f8443ca-b01e-0070-308c-151cc0000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140108Z-15767c5fc55sdcjq8ksxt4n9mc00000001u000000000szq4
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:08 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
121 | 192.168.2.4 | 63121 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:08 UTC | 192 | OUT | GET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:08 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:08 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 477
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BA54DCC28"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 7be6812e-d01e-008e-528c-15387a000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140108Z-15767c5fc55gs96cphvgp5f5vc0000000ce000000000q27v
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:08 UTC  477  IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
122         192.168.2.4  63123        13.107.246.60   443
Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:01:08 UTC  192  OUT  GET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:08 UTC  470  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:08 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 477
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BA48B5BDD"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 7be6821c-d01e-008e-398c-15387a000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140108Z-15767c5fc554wklc0x4mc5pq0w0000000cy000000000g767
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:08 UTC  477  IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
123         192.168.2.4  63122        13.107.246.60   443
Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:01:08 UTC  192  OUT  GET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:08 UTC  470  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:08 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 419
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB7F164C3"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 1f480aea-c01e-002b-028c-156e00000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140108Z-15767c5fc55qkvj6n60pxm9mbw00000001vg000000004hcx
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:08 UTC  419  IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID  Source IP    Source Port  Destination IP  Destination Port
124         192.168.2.4  63125        13.107.246.60   443
Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:01:09 UTC  192  OUT  GET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:09 UTC  470  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:09 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 472
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB650C2EC"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: aa883537-b01e-0053-4c8c-15cdf8000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140109Z-15767c5fc55whfstvfw43u8fp40000000ct0000000009t90
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:09 UTC  472  IN
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
125         192.168.2.4  63126        13.107.246.60   443
Timestamp  Bytes transferred  Direction  Data
2024-10-04 14:01:09 UTC  192  OUT  GET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:09 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:09 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 468
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB3EAF226"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: cce0beff-001e-0082-398c-155880000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140109Z-15767c5fc55rg5b7sh1vuv8t7n0000000cxg00000000hvsr
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:09 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


Session ID | Source IP | Source Port | Destination IP | Destination Port
126 | 192.168.2.4 | 63127 | 13.107.246.60 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:09 UTC | 192 | OUT | GET /rules/rule120660v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:09 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:09 GMT
Content-Type: text/xml
Content-Length: 485
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
ETag: "0x8DC582BB9769355"
x-ms-request-id: dc68dac5-201e-006e-298c-15bbe3000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140109Z-15767c5fc55gs96cphvgp5f5vc0000000cgg00000000fw60
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:09 UTC | 485 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
127 | 192.168.2.4 | 63124 | 13.107.246.60 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:09 UTC | 192 | OUT | GET /rules/rule120657v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:09 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:09 GMT
Content-Type: text/xml
Content-Length: 419
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
ETag: "0x8DC582B9FF95F80"
x-ms-request-id: 16d3a614-701e-0032-288c-15a540000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140109Z-15767c5fc55852fxfeh7csa2dn0000000cm0000000006gzk
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:09 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.4 | 63131 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:09 UTC | 924 | OUT | POST /api/api.php HTTP/1.1
Host: pcapp.store
Connection: keep-alive
Content-Length: 96
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://pcapp.store
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1728048003008516&_winver=19045&version=fa.1091x
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:01:09 UTC | 96 | OUT | Data Ascii: {"c":"front/installing","a":"installStatus","p":{"guid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0"}}
2024-10-04 14:01:09 UTC | 551 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:09 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-10-04 14:01:09 UTC | 44 | IN | Data Ascii: 21{"state":"ok","result":"no info"}0


Session ID | Source IP | Source Port | Destination IP | Destination Port
129 | 192.168.2.4 | 63128 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:09 UTC | 192 | OUT | GET /rules/rule120661v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:09 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:09 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 411
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B989AF051"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: be018b72-401e-0035-7e8c-1582d8000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140109Z-15767c5fc55dtdv4d4saq7t47n0000000ccg00000000fhdq
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:09 UTC | 411 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
130 | 192.168.2.4 | 63129 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:09 UTC | 192 | OUT | GET /rules/rule120662v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:09 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:09 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 470
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BBB181F65"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 4da5c699-a01e-0070-198c-15573b000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140109Z-15767c5fc55qdcd62bsn50hd6s0000000cb000000000mshg
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:09 UTC | 470 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
131 | 192.168.2.4 | 63130 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:09 UTC | 192 | OUT | GET /rules/rule120663v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:09 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:09 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 427
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB556A907"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: be018b82-401e-0035-0c8c-1582d8000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140109Z-15767c5fc554l9xf959gp9cb1s00000006v0000000007dsk
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
132 | 192.168.2.4 | 63132 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:10 UTC | 192 | OUT | GET /rules/rule120664v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:10 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:10 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 502
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB6A0D312"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 801e2bd2-b01e-0021-6a8c-15cab7000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140110Z-15767c5fc55lghvzbxktxfqntw0000000cdg000000001t9m
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.4 | 63135 | 45.32.1.23 | 443 | 7872 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:10 UTC | 544 | OUT | GET /api/api.php HTTP/1.1
                                                                                                                                                                                                                                                                                                                Host: pcapp.store
                                                                                                                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                                Cookie: _fcid=1728048003008516; _gcl_au=1.1.1413056622.1728050423; _ga=GA1.1.1613511744.1728050423; guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0; _ga_VFQWFX3X1C=GS1.1.1728050423.1.0.1728050423.60.0.0
2024-10-04 14:01:10 UTC | 211 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:10 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
2024-10-04 14:01:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
134 | 192.168.2.4 | 63133 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:10 UTC | 192 | OUT | GET /rules/rule120665v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:10 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:10 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 407
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B9D30478D"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 285c7e33-c01e-008e-718c-157381000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140110Z-15767c5fc55gq5fmm10nm5qqr80000000ctg000000006bzf
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
135 | 192.168.2.4 | 63134 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:10 UTC | 192 | OUT | GET /rules/rule120666v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:10 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 474
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB3F48DAE"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 1cc309a5-e01e-0071-358c-1508e7000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140110Z-15767c5fc55n4msds84xh4z67w000000066g00000000qyxy
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:10 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
136 | 192.168.2.4 | 63137 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:10 UTC | 192 | OUT | GET /rules/rule120668v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:10 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:10 GMT
Content-Type: text/xml
Content-Length: 469
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
ETag: "0x8DC582BB3CAEBB8"
x-ms-request-id: 6a902a44-301e-005d-788c-15e448000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140110Z-15767c5fc55lghvzbxktxfqntw0000000cbg00000000931n
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:10 UTC | 469 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
137 | 192.168.2.4 | 63136 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:10 UTC | 192 | OUT | GET /rules/rule120667v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:10 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:10 GMT
Content-Type: text/xml
Content-Length: 408
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
ETag: "0x8DC582BB9B6040B"
x-ms-request-id: 04c46130-501e-0064-028c-151f54000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140110Z-15767c5fc552g4w83buhsr3htc0000000cn000000000ed8x
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:10 UTC | 408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


Session ID | Source IP | Source Port | Destination IP | Destination Port
138 | 192.168.2.4 | 63138 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:10 UTC | 192 | OUT | GET /rules/rule120669v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:11 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:11 GMT
Content-Type: text/xml
Content-Length: 416
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
ETag: "0x8DC582BB5284CCE"
x-ms-request-id: 15fe14b4-a01e-0002-638c-155074000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140111Z-15767c5fc55gq5fmm10nm5qqr80000000ctg000000006c0u
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:11 UTC  416  IN  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


Session ID  Source IP    Source Port  Destination IP  Destination Port
139         192.168.2.4  63139        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:11 UTC  192                OUT        GET /rules/rule120670v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:11 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:11 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 472
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582B91EAD002"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 4da5c882-a01e-0070-628c-15573b000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140111Z-15767c5fc55dtdv4d4saq7t47n0000000cc000000000fkqq
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:11 UTC  472  IN  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
140         192.168.2.4  63140        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:11 UTC  192                OUT        GET /rules/rule120671v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:11 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:11 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 432
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BAABA2A10"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 15fe1592-a01e-0002-378c-155074000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140111Z-15767c5fc55v7j95gq2uzq37a00000000crg00000000qt2q
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:11 UTC  432  IN  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


Session ID  Source IP    Source Port  Destination IP  Destination Port
141         192.168.2.4  63141        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:11 UTC  192                OUT        GET /rules/rule120672v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:11 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:11 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 475
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BBA740822"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: b9a19b13-401e-0078-148c-154d34000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140111Z-15767c5fc55gq5fmm10nm5qqr80000000cu0000000004w6u
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:11 UTC  475  IN  Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID  Source IP    Source Port  Destination IP  Destination Port
142         192.168.2.4  63142        13.107.246.60   443
Timestamp                Bytes transferred  Direction  Data
2024-10-04 14:01:11 UTC  192                OUT        GET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:11 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:11 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 427
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BB464F255"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 9bed6e8e-001e-0046-5b8c-15da4b000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140111Z-15767c5fc55qdcd62bsn50hd6s0000000cb000000000msr0
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:11 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


Session ID | Source IP | Source Port | Destination IP | Destination Port
143 | 192.168.2.4 | 63143 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:11 UTC | 192 | OUT | GET /rules/rule120674v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:11 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:11 GMT
Content-Type: text/xml
Content-Length: 474
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
ETag: "0x8DC582BA4037B0D"
x-ms-request-id: e08726cd-901e-00a0-738c-156a6d000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140111Z-15767c5fc55852fxfeh7csa2dn0000000cm0000000006h5f
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:11 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
144 | 192.168.2.4 | 63145 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:12 UTC | 192 | OUT | GET /rules/rule120675v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:12 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:12 GMT
Content-Type: text/xml
Content-Length: 419
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
ETag: "0x8DC582BA6CF78C8"
x-ms-request-id: 766164d5-c01e-0082-668c-15af72000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140112Z-15767c5fc55jdxmppy6cmd24bn00000004sg00000000n59m
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:12 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


Session ID | Source IP | Source Port | Destination IP | Destination Port
145 | 192.168.2.4 | 63144 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:12 UTC | 192 | OUT | GET /rules/rule120676v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:12 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:12 GMT
Content-Type: text/xml
Content-Length: 472
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
ETag: "0x8DC582B984BF177"
x-ms-request-id: dcc4dd0d-f01e-0099-7c8c-159171000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140112Z-15767c5fc552g4w83buhsr3htc0000000cq0000000007n2k
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:12 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
146 | 192.168.2.4 | 63147 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:12 UTC | 192 | OUT | GET /rules/rule120678v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:12 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:12 GMT
Content-Type: text/xml
Content-Length: 468
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
ETag: "0x8DC582BBA642BF4"
x-ms-request-id: 4a2177bf-401e-00a3-638c-158b09000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140112Z-15767c5fc55gq5fmm10nm5qqr80000000cu0000000004w7g
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:12 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


Session ID | Source IP | Source Port | Destination IP | Destination Port
147 | 192.168.2.4 | 63146 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:12 UTC | 192 | OUT | GET /rules/rule120677v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:12 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:12 GMT
Content-Type: text/xml
Content-Length: 405
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
ETag: "0x8DC582B942B6AFF"
x-ms-request-id: d59d44fd-601e-003e-698c-153248000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140112Z-15767c5fc55fdfx81a30vtr1fw0000000cy000000000g5q1
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:12 UTC | 405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


Session ID | Source IP | Source Port | Destination IP | Destination Port
148 | 192.168.2.4 | 63148 | 13.107.246.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-04 14:01:12 UTC | 192 | OUT | GET /rules/rule120679v0s19.xml HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
Host: otelrules.azureedge.net
2024-10-04 14:01:12 UTC | 470 | IN | HTTP/1.1 200 OK
Date: Fri, 04 Oct 2024 14:01:12 GMT
Content-Type: text/xml
Content-Length: 174
Connection: close
Cache-Control: public, max-age=604800, immutable
Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
ETag: "0x8DC582B91D80E15"
x-ms-request-id: 4da5cae8-a01e-0070-0e8c-15573b000000
x-ms-version: 2018-03-28
x-azure-ref: 20241004T140112Z-15767c5fc554w2fgapsyvy8ua00000000c1000000000prgr
x-fd-int-roxy-purgeid: 0
X-Cache: TCP_HIT
Accept-Ranges: bytes
2024-10-04 14:01:12 UTC | 174 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                                                149192.168.2.46315013.107.246.60443
                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                2024-10-04 14:01:13 UTC192OUTGET /rules/rule120681v0s19.xml HTTP/1.1
                                                                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                Accept-Encoding: gzip
                                                                                                                                                                                                                                                                                                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                                                                                                                                                                                                Host: otelrules.azureedge.net
2024-10-04 14:01:13 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                Date: Fri, 04 Oct 2024 14:01:13 GMT
                                                                                                                                                                                                                                                                                                                Content-Type: text/xml
                                                                                                                                                                                                                                                                                                                Content-Length: 958
                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                Cache-Control: public, max-age=604800, immutable
                                                                                                                                                                                                                                                                                                                Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                                                                                                                                                                                                                                                                                ETag: "0x8DC582BA0A31B3B"
                                                                                                                                                                                                                                                                                                                x-ms-request-id: 8e9c9a52-201e-000c-6b8c-1579c4000000
                                                                                                                                                                                                                                                                                                                x-ms-version: 2018-03-28
                                                                                                                                                                                                                                                                                                                x-azure-ref: 20241004T140113Z-15767c5fc55kg97hfq5uqyxxaw0000000crg000000001mwa
                                                                                                                                                                                                                                                                                                                x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-04 14:01:13 UTC | 958 | IN | Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a
                                                                                                                                                                                                                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>



                                                                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                                                                Start time:10:00:09
                                                                                                                                                                                                                                                                                                                Start date:04/10/2024
                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\Setup.exe"
                                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                File size:120'440 bytes
                                                                                                                                                                                                                                                                                                                MD5 hash:A496DAE5F3D0664308AA6A8284EBED86
                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                                                                                Start time:10:00:17
                                                                                                                                                                                                                                                                                                                Start date:04/10/2024
                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&winver=19045&version=fa.1091x&nocache=20241004100016.659&_fcid=1728048003008516
                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                                                                                                Start time:10:00:18
                                                                                                                                                                                                                                                                                                                Start date:04/10/2024
                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1976,i,400288646878977216,18295332373340912217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                                                                                                                Start time:10:00:23
                                                                                                                                                                                                                                                                                                                Start date:04/10/2024
                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 --field-trial-handle=1976,i,400288646878977216,18295332373340912217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                                                                                                Start time:10:00:24
                                                                                                                                                                                                                                                                                                                Start date:04/10/2024
                                                                                                                                                                                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1976,i,400288646878977216,18295332373340912217,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff72bec0000
                                                                                                                                                                                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                                                                                                                Start time:10:01:28
                                                                                                                                                                                                                                                                                                                Start date:04/10/2024
                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\nsr7B99.tmp
                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force
                                                                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                File size:93'366'688 bytes
                                                                                                                                                                                                                                                                                                                MD5 hash:7D864ECA0B76FBC20223DFA8A0CBD588
                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                                                                                                Start time:10:02:07
                                                                                                                                                                                                                                                                                                                Start date:04/10/2024
                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\PCAppStore\PcAppStore.exe" /init default
                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff751a40000
                                                                                                                                                                                                                                                                                                                File size:3'007'328 bytes
                                                                                                                                                                                                                                                                                                                MD5 hash:B9769675AB9AA29B4D54C8140A1E218E
                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                                                                                                Start time:10:02:07
                                                                                                                                                                                                                                                                                                                Start date:04/10/2024
                                                                                                                                                                                                                                                                                                                Path:C:\Users\user\PCAppStore\Watchdog.exe
                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\PCAppStore\Watchdog.exe" /guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0 /rid=20241004100207.8525974062 /ver=fa.1091x
                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff74ede0000
                                                                                                                                                                                                                                                                                                                File size:276'320 bytes
                                                                                                                                                                                                                                                                                                                MD5 hash:C8C3AC12EF71E9CE0C7911250B85154C
                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                                                                                                                Start time:10:02:09
                                                                                                                                                                                                                                                                                                                Start date:04/10/2024
                                                                                                                                                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff72b770000
                                                                                                                                                                                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                                                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                Has exited:false


                                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                                  Execution Coverage:28.9%
                                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                  Signature Coverage:16.6%
                                                                                                                                                                                                                                                                                                                  Total number of Nodes:1349
                                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:40
GlobalLock 3806->3807 3809 405a24 SendMessageW 3807->3809 3809->3809 3810 405a4d GlobalUnlock SetClipboardData CloseClipboard 3809->3810 3810->3792 3811->3772 3812->3801 3813->3773 3815 401ede 3816 402d84 17 API calls 3815->3816 3817 401ee4 3816->3817 3818 402d84 17 API calls 3817->3818 3819 401ef0 3818->3819 3820 401f07 EnableWindow 3819->3820 3821 401efc ShowWindow 3819->3821 3822 402c2a 3820->3822 3821->3822 3971 4028de 3972 4028e6 3971->3972 3973 4028ea FindNextFileW 3972->3973 3976 4028fc 3972->3976 3974 402943 3973->3974 3973->3976 3977 40653d lstrcpynW 3974->3977 3977->3976 3978 404ce0 3979 404cf0 3978->3979 3980 404d0c 3978->3980 3989 405b81 GetDlgItemTextW 3979->3989 3981 404d12 SHGetPathFromIDListW 3980->3981 3982 404d3f 3980->3982 3984 404d29 SendMessageW 3981->3984 3985 404d22 3981->3985 3984->3982 3987 40140b 2 API calls 3985->3987 3986 404cfd SendMessageW 3986->3980 3987->3984 3989->3986 3190 405b63 ShellExecuteExW 3990 401563 3991 402ba4 3990->3991 3994 406484 wsprintfW 3991->3994 3993 402ba9 3994->3993 3995 401968 3996 402d84 17 API calls 3995->3996 3997 40196f 3996->3997 3998 402d84 17 API calls 3997->3998 3999 40197c 3998->3999 4000 402da6 17 API calls 3999->4000 4001 401993 lstrlenW 4000->4001 4002 4019a4 4001->4002 4006 4019e5 4002->4006 4007 40653d lstrcpynW 4002->4007 4004 4019d5 4005 4019da lstrlenW 4004->4005 4004->4006 4005->4006 4007->4004 4008 40166a 4009 402da6 17 API calls 4008->4009 4010 401670 4009->4010 4011 406873 2 API calls 4010->4011 4012 401676 4011->4012 4013 402aeb 4014 402d84 17 API calls 4013->4014 4015 402af1 4014->4015 4016 40292e 4015->4016 4017 40657a 17 API calls 4015->4017 4017->4016 3286 4026ec 3287 402d84 17 API calls 3286->3287 3288 4026fb 3287->3288 3289 402745 ReadFile 3288->3289 3290 4060b0 ReadFile 3288->3290 3291 4027de 3288->3291 3293 402785 MultiByteToWideChar 3288->3293 3294 40283a 3288->3294 3296 4027ab SetFilePointer MultiByteToWideChar 3288->3296 3297 40284b 3288->3297 3299 402838 3288->3299 3289->3288 
3289->3299 3290->3288 3291->3288 3291->3299 3300 40610e SetFilePointer 3291->3300 3293->3288 3309 406484 wsprintfW 3294->3309 3296->3288 3298 40286c SetFilePointer 3297->3298 3297->3299 3298->3299 3301 40612a 3300->3301 3304 406142 3300->3304 3302 4060b0 ReadFile 3301->3302 3303 406136 3302->3303 3303->3304 3305 406173 SetFilePointer 3303->3305 3306 40614b SetFilePointer 3303->3306 3304->3291 3305->3304 3306->3305 3307 406156 3306->3307 3308 4060df WriteFile 3307->3308 3308->3304 3309->3299 3556 40176f 3557 402da6 17 API calls 3556->3557 3558 401776 3557->3558 3559 401796 3558->3559 3560 40179e 3558->3560 3595 40653d lstrcpynW 3559->3595 3596 40653d lstrcpynW 3560->3596 3563 40179c 3567 4067c4 5 API calls 3563->3567 3564 4017a9 3565 405e0c 3 API calls 3564->3565 3566 4017af lstrcatW 3565->3566 3566->3563 3584 4017bb 3567->3584 3568 406873 2 API calls 3568->3584 3569 406008 2 API calls 3569->3584 3571 4017cd CompareFileTime 3571->3584 3572 40188d 3574 40559f 24 API calls 3572->3574 3573 401864 3575 40559f 24 API calls 3573->3575 3579 401879 3573->3579 3577 401897 3574->3577 3575->3579 3576 40653d lstrcpynW 3576->3584 3578 4032b4 31 API calls 3577->3578 3580 4018aa 3578->3580 3581 4018be SetFileTime 3580->3581 3582 4018d0 CloseHandle 3580->3582 3581->3582 3582->3579 3585 4018e1 3582->3585 3583 40657a 17 API calls 3583->3584 3584->3568 3584->3569 3584->3571 3584->3572 3584->3573 3584->3576 3584->3583 3590 405b9d MessageBoxIndirectW 3584->3590 3594 40602d GetFileAttributesW CreateFileW 3584->3594 3586 4018e6 3585->3586 3587 4018f9 3585->3587 3588 40657a 17 API calls 3586->3588 3589 40657a 17 API calls 3587->3589 3591 4018ee lstrcatW 3588->3591 3592 401901 3589->3592 3590->3584 3591->3592 3593 405b9d MessageBoxIndirectW 3592->3593 3593->3579 3594->3584 3595->3563 3596->3564 4018 401a72 4019 402d84 17 API calls 4018->4019 4020 401a7b 4019->4020 4021 402d84 17 API calls 4020->4021 4022 401a20 4021->4022 4023 401573 4024 401583 ShowWindow 4023->4024 4025 40158c 4023->4025 
4024->4025 4026 402c2a 4025->4026 4027 40159a ShowWindow 4025->4027 4027->4026 4028 4023f4 4029 402da6 17 API calls 4028->4029 4030 402403 4029->4030 4031 402da6 17 API calls 4030->4031 4032 40240c 4031->4032 4033 402da6 17 API calls 4032->4033 4034 402416 GetPrivateProfileStringW 4033->4034 4035 4014f5 SetForegroundWindow 4036 402c2a 4035->4036 4037 401ff6 4038 402da6 17 API calls 4037->4038 4039 401ffd 4038->4039 4040 406873 2 API calls 4039->4040 4041 402003 4040->4041 4043 402014 4041->4043 4044 406484 wsprintfW 4041->4044 4044->4043 4045 401b77 4046 402da6 17 API calls 4045->4046 4047 401b7e 4046->4047 4048 402d84 17 API calls 4047->4048 4049 401b87 wsprintfW 4048->4049 4050 402c2a 4049->4050 4051 40167b 4052 402da6 17 API calls 4051->4052 4053 401682 4052->4053 4054 402da6 17 API calls 4053->4054 4055 40168b 4054->4055 4056 402da6 17 API calls 4055->4056 4057 401694 MoveFileW 4056->4057 4058 4016a7 4057->4058 4064 4016a0 4057->4064 4060 406873 2 API calls 4058->4060 4062 4022f6 4058->4062 4059 401423 24 API calls 4059->4062 4061 4016b6 4060->4061 4061->4062 4063 4062fd 36 API calls 4061->4063 4063->4064 4064->4059 4065 4019ff 4066 402da6 17 API calls 4065->4066 4067 401a06 4066->4067 4068 402da6 17 API calls 4067->4068 4069 401a0f 4068->4069 4070 401a16 lstrcmpiW 4069->4070 4071 401a28 lstrcmpW 4069->4071 4072 401a1c 4070->4072 4071->4072 4073 4022ff 4074 402da6 17 API calls 4073->4074 4075 402305 4074->4075 4076 402da6 17 API calls 4075->4076 4077 40230e 4076->4077 4078 402da6 17 API calls 4077->4078 4079 402317 4078->4079 4080 406873 2 API calls 4079->4080 4081 402320 4080->4081 4082 402331 lstrlenW lstrlenW 4081->4082 4083 402324 4081->4083 4085 40559f 24 API calls 4082->4085 4084 40559f 24 API calls 4083->4084 4087 40232c 4083->4087 4084->4087 4086 40236f SHFileOperationW 4085->4086 4086->4083 4086->4087 4088 401000 4089 401037 BeginPaint GetClientRect 4088->4089 4090 40100c DefWindowProcW 4088->4090 4092 4010f3 4089->4092 4095 401179 4090->4095 4093 
401073 CreateBrushIndirect FillRect DeleteObject 4092->4093 4094 4010fc 4092->4094 4093->4092 4096 401102 CreateFontIndirectW 4094->4096 4097 401167 EndPaint 4094->4097 4096->4097 4098 401112 6 API calls 4096->4098 4097->4095 4098->4097 3154 401d81 3155 401d94 GetDlgItem 3154->3155 3156 401d87 3154->3156 3157 401d8e 3155->3157 3165 402d84 3156->3165 3159 401dd5 GetClientRect LoadImageW SendMessageW 3157->3159 3160 402da6 17 API calls 3157->3160 3162 401e33 3159->3162 3164 401e3f 3159->3164 3160->3159 3163 401e38 DeleteObject 3162->3163 3162->3164 3163->3164 3166 40657a 17 API calls 3165->3166 3167 402d99 3166->3167 3167->3157 4099 401503 4100 40150b 4099->4100 4102 40151e 4099->4102 4101 402d84 17 API calls 4100->4101 4101->4102 4103 402383 4104 40238a 4103->4104 4107 40239d 4103->4107 4105 40657a 17 API calls 4104->4105 4106 402397 4105->4106 4108 405b9d MessageBoxIndirectW 4106->4108 4108->4107 3217 402c05 SendMessageW 3218 402c2a 3217->3218 3219 402c1f InvalidateRect 3217->3219 3219->3218 4109 404f06 GetDlgItem GetDlgItem 4110 404f58 7 API calls 4109->4110 4116 40517d 4109->4116 4111 404ff2 SendMessageW 4110->4111 4112 404fff DeleteObject 4110->4112 4111->4112 4113 405008 4112->4113 4114 40503f 4113->4114 4117 40657a 17 API calls 4113->4117 4118 404499 18 API calls 4114->4118 4115 40525f 4119 40530b 4115->4119 4129 4052b8 SendMessageW 4115->4129 4149 405170 4115->4149 4116->4115 4120 4051ec 4116->4120 4163 404e54 SendMessageW 4116->4163 4123 405021 SendMessageW SendMessageW 4117->4123 4124 405053 4118->4124 4121 405315 SendMessageW 4119->4121 4122 40531d 4119->4122 4120->4115 4125 405251 SendMessageW 4120->4125 4121->4122 4131 405336 4122->4131 4132 40532f ImageList_Destroy 4122->4132 4147 405346 4122->4147 4123->4113 4128 404499 18 API calls 4124->4128 4125->4115 4126 404500 8 API calls 4130 40550c 4126->4130 4142 405064 4128->4142 4134 4052cd SendMessageW 4129->4134 4129->4149 4135 40533f GlobalFree 4131->4135 4131->4147 4132->4131 4133 4054c0 4138 4054d2 
ShowWindow GetDlgItem ShowWindow 4133->4138 4133->4149 4137 4052e0 4134->4137 4135->4147 4136 40513f GetWindowLongW SetWindowLongW 4139 405158 4136->4139 4148 4052f1 SendMessageW 4137->4148 4138->4149 4140 405175 4139->4140 4141 40515d ShowWindow 4139->4141 4162 4044ce SendMessageW 4140->4162 4161 4044ce SendMessageW 4141->4161 4142->4136 4143 40513a 4142->4143 4146 4050b7 SendMessageW 4142->4146 4150 4050f5 SendMessageW 4142->4150 4151 405109 SendMessageW 4142->4151 4143->4136 4143->4139 4146->4142 4147->4133 4154 405381 4147->4154 4168 404ed4 4147->4168 4148->4119 4149->4126 4150->4142 4151->4142 4153 40548b 4155 405496 InvalidateRect 4153->4155 4158 4054a2 4153->4158 4156 4053af SendMessageW 4154->4156 4157 4053c5 4154->4157 4155->4158 4156->4157 4157->4153 4159 405439 SendMessageW SendMessageW 4157->4159 4158->4133 4177 404e0f 4158->4177 4159->4157 4161->4149 4162->4116 4164 404eb3 SendMessageW 4163->4164 4165 404e77 GetMessagePos ScreenToClient SendMessageW 4163->4165 4167 404eab 4164->4167 4166 404eb0 4165->4166 4165->4167 4166->4164 4167->4120 4180 40653d lstrcpynW 4168->4180 4170 404ee7 4181 406484 wsprintfW 4170->4181 4172 404ef1 4173 40140b 2 API calls 4172->4173 4174 404efa 4173->4174 4182 40653d lstrcpynW 4174->4182 4176 404f01 4176->4154 4183 404d46 4177->4183 4179 404e24 4179->4133 4180->4170 4181->4172 4182->4176 4184 404d5f 4183->4184 4185 40657a 17 API calls 4184->4185 4186 404dc3 4185->4186 4187 40657a 17 API calls 4186->4187 4188 404dce 4187->4188 4189 40657a 17 API calls 4188->4189 4190 404de4 lstrlenW wsprintfW SetDlgItemTextW 4189->4190 4190->4179 4191 404609 lstrlenW 4192 404628 4191->4192 4193 40462a WideCharToMultiByte 4191->4193 4192->4193 3220 40248a 3221 402da6 17 API calls 3220->3221 3222 40249c 3221->3222 3223 402da6 17 API calls 3222->3223 3224 4024a6 3223->3224 3237 402e36 3224->3237 3227 40292e 3228 4024de 3230 4024ea 3228->3230 3232 402d84 17 API calls 3228->3232 3229 402da6 17 API calls 3231 4024d4 lstrlenW 3229->3231 3233 402509 
RegSetValueExW 3230->3233 3241 4032b4 3230->3241 3231->3228 3232->3230 3235 40251f RegCloseKey 3233->3235 3235->3227 3238 402e51 3237->3238 3261 4063d8 3238->3261 3242 4032cd 3241->3242 3243 4032fb 3242->3243 3268 4034e5 SetFilePointer 3242->3268 3265 4034cf 3243->3265 3247 403468 3249 4034aa 3247->3249 3252 40346c 3247->3252 3248 403318 GetTickCount 3253 403452 3248->3253 3257 403367 3248->3257 3250 4034cf ReadFile 3249->3250 3250->3253 3251 4034cf ReadFile 3251->3257 3252->3253 3254 4034cf ReadFile 3252->3254 3255 4060df WriteFile 3252->3255 3253->3233 3254->3252 3255->3252 3256 4033bd GetTickCount 3256->3257 3257->3251 3257->3253 3257->3256 3258 4033e2 MulDiv wsprintfW 3257->3258 3260 4060df WriteFile 3257->3260 3259 40559f 24 API calls 3258->3259 3259->3257 3260->3257 3262 4063e7 3261->3262 3263 4063f2 RegCreateKeyExW 3262->3263 3264 4024b6 3262->3264 3263->3264 3264->3227 3264->3228 3264->3229 3266 4060b0 ReadFile 3265->3266 3267 403306 3266->3267 3267->3247 3267->3248 3267->3253 3268->3243 4194 40498a 4195 4049b6 4194->4195 4196 4049c7 4194->4196 4255 405b81 GetDlgItemTextW 4195->4255 4197 4049d3 GetDlgItem 4196->4197 4204 404a32 4196->4204 4200 4049e7 4197->4200 4199 4049c1 4202 4067c4 5 API calls 4199->4202 4203 4049fb SetWindowTextW 4200->4203 4207 405eb7 4 API calls 4200->4207 4201 404b16 4253 404cc5 4201->4253 4257 405b81 GetDlgItemTextW 4201->4257 4202->4196 4208 404499 18 API calls 4203->4208 4204->4201 4209 40657a 17 API calls 4204->4209 4204->4253 4206 404500 8 API calls 4211 404cd9 4206->4211 4212 4049f1 4207->4212 4213 404a17 4208->4213 4214 404aa6 SHBrowseForFolderW 4209->4214 4210 404b46 4215 405f14 18 API calls 4210->4215 4212->4203 4219 405e0c 3 API calls 4212->4219 4216 404499 18 API calls 4213->4216 4214->4201 4217 404abe CoTaskMemFree 4214->4217 4218 404b4c 4215->4218 4220 404a25 4216->4220 4221 405e0c 3 API calls 4217->4221 4258 40653d lstrcpynW 4218->4258 4219->4203 4256 4044ce SendMessageW 4220->4256 4223 404acb 4221->4223 4226 404b02 
SetDlgItemTextW 4223->4226 4230 40657a 17 API calls 4223->4230 4225 404a2b 4228 40690a 5 API calls 4225->4228 4226->4201 4227 404b63 4229 40690a 5 API calls 4227->4229 4228->4204 4241 404b6a 4229->4241 4231 404aea lstrcmpiW 4230->4231 4231->4226 4233 404afb lstrcatW 4231->4233 4232 404bab 4259 40653d lstrcpynW 4232->4259 4233->4226 4235 404bb2 4236 405eb7 4 API calls 4235->4236 4237 404bb8 GetDiskFreeSpaceW 4236->4237 4239 404bdc MulDiv 4237->4239 4243 404c03 4237->4243 4239->4243 4240 405e58 2 API calls 4240->4241 4241->4232 4241->4240 4241->4243 4242 404c74 4245 404c97 4242->4245 4247 40140b 2 API calls 4242->4247 4243->4242 4244 404e0f 20 API calls 4243->4244 4246 404c61 4244->4246 4260 4044bb KiUserCallbackDispatcher 4245->4260 4248 404c76 SetDlgItemTextW 4246->4248 4249 404c66 4246->4249 4247->4245 4248->4242 4251 404d46 20 API calls 4249->4251 4251->4242 4252 404cb3 4252->4253 4254 4048e3 SendMessageW 4252->4254 4253->4206 4254->4253 4255->4199 4256->4225 4257->4210 4258->4227 4259->4235 4260->4252 4261 40290b 4262 402da6 17 API calls 4261->4262 4263 402912 FindFirstFileW 4262->4263 4264 40293a 4263->4264 4267 402925 4263->4267 4269 406484 wsprintfW 4264->4269 4266 402943 4270 40653d lstrcpynW 4266->4270 4269->4266 4270->4267 4271 40190c 4272 401943 4271->4272 4273 402da6 17 API calls 4272->4273 4274 401948 4273->4274 4275 405c49 67 API calls 4274->4275 4276 401951 4275->4276 4277 40190f 4278 402da6 17 API calls 4277->4278 4279 401916 4278->4279 4280 405b9d MessageBoxIndirectW 4279->4280 4281 40191f 4280->4281 3597 402891 3598 402898 3597->3598 3599 402ba9 3597->3599 3600 402d84 17 API calls 3598->3600 3601 40289f 3600->3601 3602 4028ae SetFilePointer 3601->3602 3602->3599 3603 4028be 3602->3603 3605 406484 wsprintfW 3603->3605 3605->3599 4282 401491 4283 40559f 24 API calls 4282->4283 4284 401498 4283->4284 3606 403b12 3607 403b2a 3606->3607 3608 403b1c CloseHandle 3606->3608 3613 403b57 3607->3613 3608->3607 3611 405c49 67 API calls 3612 403b3b 3611->3612 
3615 403b65 3613->3615 3614 403b2f 3614->3611 3615->3614 3616 403b6a FreeLibrary GlobalFree 3615->3616 3616->3614 3616->3616 4285 401f12 4286 402da6 17 API calls 4285->4286 4287 401f18 4286->4287 4288 402da6 17 API calls 4287->4288 4289 401f21 4288->4289 4290 402da6 17 API calls 4289->4290 4291 401f2a 4290->4291 4292 402da6 17 API calls 4291->4292 4293 401f33 4292->4293 4294 401423 24 API calls 4293->4294 4295 401f3a 4294->4295 4302 405b63 ShellExecuteExW 4295->4302 4297 401f82 4298 40292e 4297->4298 4299 4069b5 5 API calls 4297->4299 4300 401f9f CloseHandle 4299->4300 4300->4298 4302->4297 4303 405513 4304 405523 4303->4304 4305 405537 4303->4305 4306 405580 4304->4306 4307 405529 4304->4307 4308 40553f IsWindowVisible 4305->4308 4314 405556 4305->4314 4309 405585 CallWindowProcW 4306->4309 4310 4044e5 SendMessageW 4307->4310 4308->4306 4311 40554c 4308->4311 4312 405533 4309->4312 4310->4312 4313 404e54 5 API calls 4311->4313 4313->4314 4314->4309 4315 404ed4 4 API calls 4314->4315 4315->4306 4316 402f93 4317 402fa5 SetTimer 4316->4317 4318 402fbe 4316->4318 4317->4318 4319 403013 4318->4319 4320 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4318->4320 4320->4319 4321 401d17 4322 402d84 17 API calls 4321->4322 4323 401d1d IsWindow 4322->4323 4324 401a20 4323->4324 3643 403f9a 3644 403fb2 3643->3644 3645 404113 3643->3645 3644->3645 3646 403fbe 3644->3646 3647 404164 3645->3647 3648 404124 GetDlgItem GetDlgItem 3645->3648 3650 403fc9 SetWindowPos 3646->3650 3651 403fdc 3646->3651 3649 4041be 3647->3649 3660 401389 2 API calls 3647->3660 3652 404499 18 API calls 3648->3652 3653 4044e5 SendMessageW 3649->3653 3661 40410e 3649->3661 3650->3651 3654 403fe5 ShowWindow 3651->3654 3655 404027 3651->3655 3656 40414e SetClassLongW 3652->3656 3682 4041d0 3653->3682 3662 4040d1 3654->3662 3663 404005 GetWindowLongW 3654->3663 3657 404046 3655->3657 3658 40402f DestroyWindow 3655->3658 3659 40140b 2 API calls 3656->3659 3665 40404b SetWindowLongW 3657->3665 3666 
40405c 3657->3666 3664 404422 3658->3664 3659->3647 3667 404196 3660->3667 3723 404500 3662->3723 3663->3662 3669 40401e ShowWindow 3663->3669 3664->3661 3676 404453 ShowWindow 3664->3676 3665->3661 3666->3662 3670 404068 GetDlgItem 3666->3670 3667->3649 3671 40419a SendMessageW 3667->3671 3669->3655 3674 404096 3670->3674 3675 404079 SendMessageW IsWindowEnabled 3670->3675 3671->3661 3672 40140b 2 API calls 3672->3682 3673 404424 DestroyWindow KiUserCallbackDispatcher 3673->3664 3678 4040a3 3674->3678 3680 4040ea SendMessageW 3674->3680 3681 4040b6 3674->3681 3688 40409b 3674->3688 3675->3661 3675->3674 3676->3661 3677 40657a 17 API calls 3677->3682 3678->3680 3678->3688 3680->3662 3683 4040d3 3681->3683 3684 4040be 3681->3684 3682->3661 3682->3672 3682->3673 3682->3677 3685 404499 18 API calls 3682->3685 3705 404364 DestroyWindow 3682->3705 3714 404499 3682->3714 3686 40140b 2 API calls 3683->3686 3687 40140b 2 API calls 3684->3687 3685->3682 3686->3688 3687->3688 3688->3662 3720 404472 3688->3720 3690 40424b GetDlgItem 3691 404260 3690->3691 3692 404268 ShowWindow KiUserCallbackDispatcher 3690->3692 3691->3692 3717 4044bb KiUserCallbackDispatcher 3692->3717 3694 404292 KiUserCallbackDispatcher 3699 4042a6 3694->3699 3695 4042ab GetSystemMenu EnableMenuItem SendMessageW 3696 4042db SendMessageW 3695->3696 3695->3699 3696->3699 3698 403f7b 18 API calls 3698->3699 3699->3695 3699->3698 3718 4044ce SendMessageW 3699->3718 3719 40653d lstrcpynW 3699->3719 3701 40430a lstrlenW 3702 40657a 17 API calls 3701->3702 3703 404320 SetWindowTextW 3702->3703 3704 401389 2 API calls 3703->3704 3704->3682 3705->3664 3706 40437e CreateDialogParamW 3705->3706 3706->3664 3707 4043b1 3706->3707 3708 404499 18 API calls 3707->3708 3709 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3708->3709 3710 401389 2 API calls 3709->3710 3711 404402 3710->3711 3711->3661 3712 40440a ShowWindow 3711->3712 3713 4044e5 SendMessageW 3712->3713 3713->3664 3715 40657a 17 API calls 
3714->3715 3716 4044a4 SetDlgItemTextW 3715->3716 3716->3690 3717->3694 3718->3699 3719->3701 3721 404479 3720->3721 3722 40447f SendMessageW 3720->3722 3721->3722 3722->3662 3724 4045c3 3723->3724 3725 404518 GetWindowLongW 3723->3725 3724->3661 3725->3724 3726 40452d 3725->3726 3726->3724 3727 40455a GetSysColor 3726->3727 3728 40455d 3726->3728 3727->3728 3729 404563 SetTextColor 3728->3729 3730 40456d SetBkMode 3728->3730 3729->3730 3731 404585 GetSysColor 3730->3731 3732 40458b 3730->3732 3731->3732 3733 404592 SetBkColor 3732->3733 3734 40459c 3732->3734 3733->3734 3734->3724 3735 4045b6 CreateBrushIndirect 3734->3735 3736 4045af DeleteObject 3734->3736 3735->3724 3736->3735 3737 401b9b 3738 401ba8 3737->3738 3739 401bec 3737->3739 3744 401c31 3738->3744 3745 401bbf 3738->3745 3740 401bf1 3739->3740 3741 401c16 GlobalAlloc 3739->3741 3746 40239d 3740->3746 3756 40653d lstrcpynW 3740->3756 3742 40657a 17 API calls 3741->3742 3742->3744 3743 40657a 17 API calls 3747 402397 3743->3747 3744->3743 3744->3746 3757 40653d lstrcpynW 3745->3757 3752 405b9d MessageBoxIndirectW 3747->3752 3750 401c03 GlobalFree 3750->3746 3751 401bce 3758 40653d lstrcpynW 3751->3758 3752->3746 3754 401bdd 3759 40653d lstrcpynW 3754->3759 3756->3750 3757->3751 3758->3754 3759->3746 4325 40261c 4326 402da6 17 API calls 4325->4326 4327 402623 4326->4327 4330 40602d GetFileAttributesW CreateFileW 4327->4330 4329 40262f 4330->4329 3823 40259e 3824 402de6 17 API calls 3823->3824 3825 4025a8 3824->3825 3826 402d84 17 API calls 3825->3826 3827 4025b1 3826->3827 3828 4025d9 RegEnumValueW 3827->3828 3829 4025cd RegEnumKeyW 3827->3829 3830 40292e 3827->3830 3831 4025f5 RegCloseKey 3828->3831 3832 4025ee 3828->3832 3829->3831 3831->3830 3832->3831 4331 40149e 4332 4014ac PostQuitMessage 4331->4332 4333 40239d 4331->4333 4332->4333 4334 4015a3 4335 402da6 17 API calls 4334->4335 4336 4015aa SetFileAttributesW 4335->4336 4337 4015bc 4336->4337 3191 401fa4 3192 402da6 17 API calls 3191->3192 3193 
401faa 3192->3193 3194 40559f 24 API calls 3193->3194 3195 401fb4 3194->3195 3204 405b20 CreateProcessW 3195->3204 3198 40292e 3201 401fcf 3202 401fdd CloseHandle 3201->3202 3212 406484 wsprintfW 3201->3212 3202->3198 3205 405b53 CloseHandle 3204->3205 3206 401fba 3204->3206 3205->3206 3206->3198 3206->3202 3207 4069b5 WaitForSingleObject 3206->3207 3208 4069cf 3207->3208 3209 4069e1 GetExitCodeProcess 3208->3209 3213 406946 3208->3213 3209->3201 3212->3202 3214 406963 PeekMessageW 3213->3214 3215 406973 WaitForSingleObject 3214->3215 3216 406959 DispatchMessageW 3214->3216 3215->3208 3216->3214 3269 40252a 3280 402de6 3269->3280 3272 402da6 17 API calls 3273 40253d 3272->3273 3274 402548 RegQueryValueExW 3273->3274 3279 40292e 3273->3279 3275 40256e RegCloseKey 3274->3275 3276 402568 3274->3276 3275->3279 3276->3275 3285 406484 wsprintfW 3276->3285 3281 402da6 17 API calls 3280->3281 3282 402dfd 3281->3282 3283 4063aa RegOpenKeyExW 3282->3283 3284 402534 3283->3284 3284->3272 3285->3275 4338 40202a 4339 402da6 17 API calls 4338->4339 4340 402031 4339->4340 4341 40690a 5 API calls 4340->4341 4342 402040 4341->4342 4343 40205c GlobalAlloc 4342->4343 4346 4020cc 4342->4346 4344 402070 4343->4344 4343->4346 4345 40690a 5 API calls 4344->4345 4347 402077 4345->4347 4348 40690a 5 API calls 4347->4348 4349 402081 4348->4349 4349->4346 4353 406484 wsprintfW 4349->4353 4351 4020ba 4354 406484 wsprintfW 4351->4354 4353->4351 4354->4346 4355 4021aa 4356 402da6 17 API calls 4355->4356 4357 4021b1 4356->4357 4358 402da6 17 API calls 4357->4358 4359 4021bb 4358->4359 4360 402da6 17 API calls 4359->4360 4361 4021c5 4360->4361 4362 402da6 17 API calls 4361->4362 4363 4021cf 4362->4363 4364 402da6 17 API calls 4363->4364 4365 4021d9 4364->4365 4366 402218 CoCreateInstance 4365->4366 4367 402da6 17 API calls 4365->4367 4370 402237 4366->4370 4367->4366 4368 401423 24 API calls 4369 4022f6 4368->4369 4370->4368 4370->4369 4371 403baa 4372 403bb5 4371->4372 4373 403bb9 4372->4373 
4374 403bbc GlobalAlloc 4372->4374 4374->4373 3310 40352d SetErrorMode GetVersionExW 3311 4035b7 3310->3311 3312 40357f GetVersionExW 3310->3312 3313 403610 3311->3313 3314 40690a 5 API calls 3311->3314 3312->3311 3315 40689a 3 API calls 3313->3315 3314->3313 3316 403626 lstrlenA 3315->3316 3316->3313 3317 403636 3316->3317 3318 40690a 5 API calls 3317->3318 3319 40363d 3318->3319 3320 40690a 5 API calls 3319->3320 3321 403644 3320->3321 3322 40690a 5 API calls 3321->3322 3326 403650 #17 OleInitialize SHGetFileInfoW 3322->3326 3325 40369d GetCommandLineW 3401 40653d lstrcpynW 3325->3401 3400 40653d lstrcpynW 3326->3400 3328 4036af 3329 405e39 CharNextW 3328->3329 3330 4036d5 CharNextW 3329->3330 3342 4036e6 3330->3342 3331 4037e4 3332 4037f8 GetTempPathW 3331->3332 3402 4034fc 3332->3402 3334 403810 3336 403814 GetWindowsDirectoryW lstrcatW 3334->3336 3337 40386a DeleteFileW 3334->3337 3335 405e39 CharNextW 3335->3342 3338 4034fc 12 API calls 3336->3338 3412 40307d GetTickCount GetModuleFileNameW 3337->3412 3340 403830 3338->3340 3340->3337 3343 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3340->3343 3341 40387d 3345 403a59 ExitProcess CoUninitialize 3341->3345 3347 403932 3341->3347 3355 405e39 CharNextW 3341->3355 3342->3331 3342->3335 3344 4037e6 3342->3344 3346 4034fc 12 API calls 3343->3346 3496 40653d lstrcpynW 3344->3496 3349 403a69 3345->3349 3350 403a7e 3345->3350 3354 403862 3346->3354 3440 403bec 3347->3440 3501 405b9d 3349->3501 3352 403a86 GetCurrentProcess OpenProcessToken 3350->3352 3353 403afc ExitProcess 3350->3353 3358 403acc 3352->3358 3359 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3352->3359 3354->3337 3354->3345 3369 40389f 3355->3369 3362 40690a 5 API calls 3358->3362 3359->3358 3360 403941 3360->3345 3365 403ad3 3362->3365 3363 403908 3366 405f14 18 API calls 3363->3366 3364 403949 3368 405b08 5 API calls 3364->3368 3367 403ae8 ExitWindowsEx 3365->3367 3371 403af5 3365->3371 3370 403914 3366->3370 
3367->3353 3367->3371 3372 40394e lstrcatW 3368->3372 3369->3363 3369->3364 3370->3345 3497 40653d lstrcpynW 3370->3497 3505 40140b 3371->3505 3373 40396a lstrcatW lstrcmpiW 3372->3373 3374 40395f lstrcatW 3372->3374 3373->3360 3376 40398a 3373->3376 3374->3373 3378 403996 3376->3378 3379 40398f 3376->3379 3382 405aeb 2 API calls 3378->3382 3381 405a6e 4 API calls 3379->3381 3380 403927 3498 40653d lstrcpynW 3380->3498 3384 403994 3381->3384 3385 40399b SetCurrentDirectoryW 3382->3385 3384->3385 3386 4039b8 3385->3386 3387 4039ad 3385->3387 3500 40653d lstrcpynW 3386->3500 3499 40653d lstrcpynW 3387->3499 3390 40657a 17 API calls 3391 4039fa DeleteFileW 3390->3391 3392 403a06 CopyFileW 3391->3392 3397 4039c5 3391->3397 3392->3397 3393 403a50 3395 4062fd 36 API calls 3393->3395 3394 4062fd 36 API calls 3394->3397 3395->3360 3396 40657a 17 API calls 3396->3397 3397->3390 3397->3393 3397->3394 3397->3396 3398 405b20 2 API calls 3397->3398 3399 403a3a CloseHandle 3397->3399 3398->3397 3399->3397 3400->3325 3401->3328 3403 4067c4 5 API calls 3402->3403 3405 403508 3403->3405 3404 403512 3404->3334 3405->3404 3406 405e0c 3 API calls 3405->3406 3407 40351a 3406->3407 3408 405aeb 2 API calls 3407->3408 3409 403520 3408->3409 3508 40605c 3409->3508 3512 40602d GetFileAttributesW CreateFileW 3412->3512 3414 4030bd 3432 4030cd 3414->3432 3513 40653d lstrcpynW 3414->3513 3416 4030e3 3417 405e58 2 API calls 3416->3417 3418 4030e9 3417->3418 3514 40653d lstrcpynW 3418->3514 3420 4030f4 GetFileSize 3421 4031ee 3420->3421 3439 40310b 3420->3439 3515 403019 3421->3515 3423 4031f7 3425 403227 GlobalAlloc 3423->3425 3423->3432 3527 4034e5 SetFilePointer 3423->3527 3424 4034cf ReadFile 3424->3439 3526 4034e5 SetFilePointer 3425->3526 3427 40325a 3429 403019 6 API calls 3427->3429 3429->3432 3430 403210 3433 4034cf ReadFile 3430->3433 3431 403242 3434 4032b4 31 API calls 3431->3434 3432->3341 3435 40321b 3433->3435 3437 40324e 3434->3437 3435->3425 3435->3432 3436 403019 6 API calls 
3436->3439 3437->3432 3437->3437 3438 40328b SetFilePointer 3437->3438 3438->3432 3439->3421 3439->3424 3439->3427 3439->3432 3439->3436 3441 40690a 5 API calls 3440->3441 3442 403c00 3441->3442 3443 403c06 3442->3443 3444 403c18 3442->3444 3543 406484 wsprintfW 3443->3543 3445 40640b 3 API calls 3444->3445 3446 403c48 3445->3446 3448 403c67 lstrcatW 3446->3448 3450 40640b 3 API calls 3446->3450 3449 403c16 3448->3449 3528 403ec2 3449->3528 3450->3448 3453 405f14 18 API calls 3454 403c99 3453->3454 3455 403d2d 3454->3455 3457 40640b 3 API calls 3454->3457 3456 405f14 18 API calls 3455->3456 3458 403d33 3456->3458 3459 403ccb 3457->3459 3460 403d43 LoadImageW 3458->3460 3461 40657a 17 API calls 3458->3461 3459->3455 3464 403cec lstrlenW 3459->3464 3467 405e39 CharNextW 3459->3467 3462 403de9 3460->3462 3463 403d6a RegisterClassW 3460->3463 3461->3460 3466 40140b 2 API calls 3462->3466 3465 403da0 SystemParametersInfoW CreateWindowExW 3463->3465 3495 403df3 3463->3495 3468 403d20 3464->3468 3469 403cfa lstrcmpiW 3464->3469 3465->3462 3473 403def 3466->3473 3471 403ce9 3467->3471 3470 405e0c 3 API calls 3468->3470 3469->3468 3472 403d0a GetFileAttributesW 3469->3472 3475 403d26 3470->3475 3471->3464 3476 403d16 3472->3476 3474 403ec2 18 API calls 3473->3474 3473->3495 3477 403e00 3474->3477 3544 40653d lstrcpynW 3475->3544 3476->3468 3479 405e58 2 API calls 3476->3479 3480 403e0c ShowWindow 3477->3480 3481 403e8f 3477->3481 3479->3468 3483 40689a 3 API calls 3480->3483 3536 405672 OleInitialize 3481->3536 3485 403e24 3483->3485 3484 403e95 3486 403eb1 3484->3486 3487 403e99 3484->3487 3488 403e32 GetClassInfoW 3485->3488 3490 40689a 3 API calls 3485->3490 3489 40140b 2 API calls 3486->3489 3493 40140b 2 API calls 3487->3493 3487->3495 3491 403e46 GetClassInfoW RegisterClassW 3488->3491 3492 403e5c DialogBoxParamW 3488->3492 3489->3495 3490->3488 3491->3492 3494 40140b 2 API calls 3492->3494 3493->3495 3494->3495 3495->3360 3496->3332 3497->3380 3498->3347 3499->3386 

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

APIs
• SetErrorMode.KERNEL32(00008001), ref: 00403550
• GetVersionExW.KERNEL32(?), ref: 00403579
• GetVersionExW.KERNEL32(0000011C), ref: 00403590
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
• OleInitialize.OLE32(00000000), ref: 0040366A
• SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
• GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
• CharNextW.USER32(00000000,00440000,00000020,00440000,00000000), ref: 004036D6
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
• DeleteFileW.KERNEL32(1033), ref: 0040386F
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,00440000,00000000,?), ref: 00403956
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,00440000,00000000,?), ref: 00403965
  • Part of subcall function 00405AEB: CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00440000,00000000,?), ref: 00403970
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00441800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00440000,00000000,?), ref: 0040397C
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
• DeleteFileW.KERNEL32(0042AA28,0042AA28,?,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,?), ref: 004039FB
• CopyFileW.KERNEL32(C:\Users\user\Desktop\Setup.exe,0042AA28,00000001), ref: 00403A0E
• CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
• ExitProcess.KERNEL32(?), ref: 00403A59
• CoUninitialize.COMBASE(?), ref: 00403A5E
• ExitProcess.KERNEL32 ref: 00403A78
• GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
• OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
• ExitProcess.KERNEL32 ref: 00403B0C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2581037993.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581132216.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000042F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.0000000000436000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581338870.000000000046C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581338870.000000000046E000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
• String ID: .tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsr7B99.tmp$C:\Users\user\Desktop\Setup.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
• API String ID: 2292928366-3563368085
• Opcode ID: a9950f16e1a4a62c6ded3d55c7a98e4382dcb346a085109a7b13f69721f27fd6
• Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
• Opcode Fuzzy Hash: a9950f16e1a4a62c6ded3d55c7a98e4382dcb346a085109a7b13f69721f27fd6
• Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004058B3
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(000304A0,00000008), ref: 004058DC
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                                                                  • String ID: $NN${
                                                                                                                                                                                                                                                                                                                  • API String ID: 590372296-3314792463
                                                                                                                                                                                                                                                                                                                  • Opcode ID: c8ef7bbbe888f33c7642292c9829dc0fe895fcac448e4408b73d3b9779d96911
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8ef7bbbe888f33c7642292c9829dc0fe895fcac448e4408b73d3b9779d96911
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CBA
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CDD
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\*.*$\*.*
                                                                                                                                                                                                                                                                                                                  • API String ID: 2035342205-4117635255
                                                                                                                                                                                                                                                                                                                  • Opcode ID: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(74DF3420,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                  • String ID: C:\
                                                                                                                                                                                                                                                                                                                  • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040429C
                                                                                                                                                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Window$Item$MessageSendShow$Long$CallbackDispatcherMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: $NN
                                                                                                                                                                                                                                                                                                                  • API String ID: 3964124867-1067137330
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e7f11a10533a611f3fe78e549378f399a66bd747c21cf404ab37e5123baac86e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7f11a10533a611f3fe78e549378f399a66bd747c21cf404ab37e5123baac86e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403C6D
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,74DF3420), ref: 00403CED
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00440800), ref: 00403D54
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                                                                                                  • API String ID: 1975747703-1389134667
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b5e4680adf6fab30abf8c31c9b96982c96c1f128c8b6e65fe06ccfbd791f05a2
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5e4680adf6fab30abf8c31c9b96982c96c1f128c8b6e65fe06ccfbd791f05a2
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 00406695
                                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00000000,00424420,74DF23A0), ref: 004066A8
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: @xP$C:\Users\user\AppData\Local\Temp\nsr7B99.tmp$Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                                                  • API String ID: 4260037668-4005980091
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 71c82525ba0a65243e1f04eb87fe478d36a31e86dfe70ef8bf5ce9ddd18f012c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71c82525ba0a65243e1f04eb87fe478d36a31e86dfe70ef8bf5ce9ddd18f012c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Setup.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\Setup.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,C:\Users\user\Desktop\Setup.exe,C:\Users\user\Desktop\Setup.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\Setup.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                                                                                                                                                  • API String ID: 2803837635-3037081627
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: *B$ DB$ A$ A$... %d%%$tClientRect$}8@
                                                                                                                                                                                                                                                                                                                  • API String ID: 551687249-400812307
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3bb00b159343602b5baf8216f2e6fd7ccfc314744640e4b330e170589aabe739
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3bb00b159343602b5baf8216f2e6fd7ccfc314744640e4b330e170589aabe739
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                  control_flow_graph 625 40176f-401794 call 402da6 call 405e83 630 401796-40179c call 40653d 625->630 631 40179e-4017b0 call 40653d call 405e0c lstrcatW 625->631 636 4017b5-4017b6 call 4067c4 630->636 631->636 640 4017bb-4017bf 636->640 641 4017c1-4017cb call 406873 640->641 642 4017f2-4017f5 640->642 649 4017dd-4017ef 641->649 650 4017cd-4017db CompareFileTime 641->650 643 4017f7-4017f8 call 406008 642->643 644 4017fd-401819 call 40602d 642->644 643->644 652 40181b-40181e 644->652 653 40188d-4018b6 call 40559f call 4032b4 644->653 649->642 650->649 654 401820-40185e call 40653d * 2 call 40657a call 40653d call 405b9d 652->654 655 40186f-401879 call 40559f 652->655 665 4018b8-4018bc 653->665 666 4018be-4018ca SetFileTime 653->666 654->640 687 401864-401865 654->687 667 401882-401888 655->667 665->666 669 4018d0-4018db CloseHandle 665->669 666->669 670 402c33 667->670 673 4018e1-4018e4 669->673 674 402c2a-402c2d 669->674 675 402c35-402c39 670->675 677 4018e6-4018f7 call 40657a lstrcatW 673->677 678 4018f9-4018fc call 40657a 673->678 674->670 684 401901-4023a2 call 405b9d 677->684 678->684 684->674 684->675 687->667 689 401867-401868 687->689 689->655
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,get,00441000,?,?,00000031), ref: 004017B0
                                                                                                                                                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,get,get,00000000,00000000,get,00441000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0), ref: 004055FA
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp$C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\inetc.dll$get
                                                                                                                                                                                                                                                                                                                  • API String ID: 1941528284-2087966825
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f7e64eeb5d3c4bf8a05a3440747446d68def3c8d7aa8c7c6583b7de4a42550af
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7e64eeb5d3c4bf8a05a3440747446d68def3c8d7aa8c7c6583b7de4a42550af
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                  control_flow_graph 691 40559f-4055b4 692 4055ba-4055cb 691->692 693 40566b-40566f 691->693 694 4055d6-4055e2 lstrlenW 692->694 695 4055cd-4055d1 call 40657a 692->695 697 4055e4-4055f4 lstrlenW 694->697 698 4055ff-405603 694->698 695->694 697->693 699 4055f6-4055fa lstrcatW 697->699 700 405612-405616 698->700 701 405605-40560c SetWindowTextW 698->701 699->698 702 405618-40565a SendMessageW * 3 700->702 703 40565c-40565e 700->703 701->700 702->703 703->693 704 405660-405663 703->704 704->693
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0), ref: 004055FA
                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                                                                                                                  • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\
                                                                                                                                                                                                                                                                                                                  • API String ID: 1495540970-2937055396
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 195069dcc2a5024ac29c7a45bf60c8768b6efe327543dfefb6c4dd5180e0e504
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 195069dcc2a5024ac29c7a45bf60c8768b6efe327543dfefb6c4dd5180e0e504
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  control_flow_graph 705 4026ec-402705 call 402d84 708 402c2a-402c2d 705->708 709 40270b-402712 705->709 710 402c33-402c39 708->710 711 402714 709->711 712 402717-40271a 709->712 711->712 713 402720-40272f call 40649d 712->713 714 40287e-402886 712->714 713->714 718 402735 713->718 714->708 719 40273b-40273f 718->719 720 4027d4-4027d7 719->720 721 402745-402760 ReadFile 719->721 723 4027d9-4027dc 720->723 724 4027ef-4027ff call 4060b0 720->724 721->714 722 402766-40276b 721->722 722->714 726 402771-40277f 722->726 723->724 727 4027de-4027e9 call 40610e 723->727 724->714 733 402801 724->733 730 402785-402797 MultiByteToWideChar 726->730 731 40283a-402846 call 406484 726->731 727->714 727->724 730->733 734 402799-40279c 730->734 731->710 736 402804-402807 733->736 737 40279e-4027a9 734->737 736->731 739 402809-40280e 736->739 737->736 740 4027ab-4027d0 SetFilePointer MultiByteToWideChar 737->740 741 402810-402815 739->741 742 40284b-40284f 739->742 740->737 743 4027d2 740->743 741->742 746 402817-40282a 741->746 744 402851-402855 742->744 745 40286c-402878 SetFilePointer 742->745 743->733 747 402857-40285b 744->747 748 40285d-40286a 744->748 745->714 746->714 749 40282c-402832 746->749 747->745 747->748 748->714 749->719 750 402838 749->750 750->714
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                                                                                                  • String ID: 9
                                                                                                                                                                                                                                                                                                                  • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  control_flow_graph 751 40689a-4068ba GetSystemDirectoryW 752 4068bc 751->752 753 4068be-4068c0 751->753 752->753 754 4068d1-4068d3 753->754 755 4068c2-4068cb 753->755 757 4068d4-406907 wsprintfW LoadLibraryExW 754->757 755->754 756 4068cd-4068cf 755->756 756->757
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                                                                                                  • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  control_flow_graph 758 405a6e-405ab9 CreateDirectoryW 759 405abb-405abd 758->759 760 405abf-405acc GetLastError 758->760 761 405ae6-405ae8 759->761 760->761 762 405ace-405ae2 SetFileSecurityW 760->762 762->759 763 405ae4 GetLastError 762->763 763->761
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                                                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                                                  • API String ID: 3449924974-3081826266
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  control_flow_graph 764 401d81-401d85 765 401d94-401d9a GetDlgItem 764->765 766 401d87-401d92 call 402d84 764->766 767 401da0-401dcc 765->767 766->767 770 401dd7 767->770 771 401dce-401dd5 call 402da6 767->771 773 401ddb-401e31 GetClientRect LoadImageW SendMessageW 770->773 771->773 775 401e33-401e36 773->775 776 401e3f-401e42 773->776 775->776 777 401e38-401e39 DeleteObject 775->777 778 401e48 776->778 779 402c2a-402c39 776->779 777->776 778->779
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  control_flow_graph 782 401c43-401c63 call 402d84 * 2 787 401c65-401c6c call 402da6 782->787 788 401c6f-401c73 782->788 787->788 790 401c75-401c7c call 402da6 788->790 791 401c7f-401c85 788->791 790->791 794 401cd3-401cfd call 402da6 * 2 FindWindowExW 791->794 795 401c87-401ca3 call 402d84 * 2 791->795 805 401d03 794->805 806 401cc3-401cd1 SendMessageW 795->806 807 401ca5-401cc1 SendMessageTimeoutW 795->807 808 401d06-401d09 805->808 806->805 807->808 809 402c2a-402c39 808->809 810 401d0f 808->810 810->809
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                                  • String ID: !
                                                                                                                                                                                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nst5AB2.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                                                                                                                  • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nst5AB2.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nst5AB2.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp
                                                                                                                                                                                                                                                                                                                  • API String ID: 2655323295-1127827058
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                                                  • API String ID: 3248276644-3049482934
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: CountFileNameTempTick
• String ID: C:\Users\user\AppData\Local\Temp\$nsa
• API String ID: 1716503409-678247507
• Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
• Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
• Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
• Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
APIs
• FreeLibrary.KERNEL32(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
• GlobalFree.KERNEL32(?), ref: 00403B78
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
Memory Dump Source
• Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: Free$GlobalLibrary
• String ID: C:\Users\user\AppData\Local\Temp\
• API String ID: 1100898210-3081826266
• Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
• Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
• Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
• Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
APIs
• GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
  • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
  • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0), ref: 004055FA
  • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\), ref: 0040560C
  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
• LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
• FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
Memory Dump Source
• Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
• String ID:
• API String ID: 334405425-0
• Opcode ID: 0bf0e5e813b2564cc7cfb612efcde4c797e71ce7d2922b3564d4c07743ad1514
• Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
• Opcode Fuzzy Hash: 0bf0e5e813b2564cc7cfb612efcde4c797e71ce7d2922b3564d4c07743ad1514
• Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
APIs
• GlobalFree.KERNEL32(0056D2C8), ref: 00401C0B
• GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
  • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
  • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000), ref: 00406779
Strings
Memory Dump Source
• Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: get
                                                                                                                                                                                                                                                                                                                  • API String ID: 3292104215-4248514160
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f7499587b74b1f9cb3fce9f730428132cfcdd1475af0708a05741156e8f6fa82
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f7499587b74b1f9cb3fce9f730428132cfcdd1475af0708a05741156e8f6fa82
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nst5AB2.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Enum$CloseValue
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 397863658-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 89c6ceebaf26a2410158c75cc71a1e3b778611476644ea09d24f59567d4f9c93
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89c6ceebaf26a2410158c75cc71a1e3b778611476644ea09d24f59567d4f9c93
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406008: GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406008: SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1655745494-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000408,?,00000000,004040D1), ref: 00404490
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                  • String ID: x
                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,00441000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1892508949-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nst5AB2.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3356406503-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2581037993.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581132216.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000042F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.0000000000436000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581338870.000000000046C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581338870.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseCodeExecuteExitHandleObjectProcessShellSingleWait
                                                                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                                                                  • API String ID: 165873841-2766056989
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Window$EnableShow
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1136574915-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3712363035-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000000B,00000001), ref: 00402C14
                                                                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?), ref: 00402C24
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 909852535-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0509652848a83ac1d7feddac23dc24ced32f84c0220a85d8a6f2313ae5a63aab
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5efb85e177e5feb05262591b5578bbf68be0fc1facb886aaf0ec985341d6bcc2
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0509652848a83ac1d7feddac23dc24ced32f84c0220a85d8a6f2313ae5a63aab
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CEE08C72700008FFEB01CBA4EE84DAEB779FB40315B00007AF502A00A0D7300D40DA28
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\Setup.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\, xrefs: 00403B31
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\
                                                                                                                                                                                                                                                                                                                  • API String ID: 2962429428-244833028
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1375471231-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,?,00000000,?,?), ref: 004028AF
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FilePointerwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 327478801-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a13d1cf18dcce6f7d85bed0b4e0fde0de6b16079219dfacd376ffc086bc6f252
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3E09271A04105BFDB01EFA5AE499AEB3B8EF44319B10483BF102F00C1DA794D119B2D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                                                                                  • Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Remove folder: ,?), ref: 004063CE
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Open
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ItemTextlstrcatlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 281422827-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00020498,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ExecuteShell
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 587946157-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2581037993.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581132216.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000042F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.0000000000431000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.0000000000436000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.000000000043E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581156480.0000000000442000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581338870.000000000046C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2581338870.000000000046E000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00403418,00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000,00424420,74DF23A0), ref: 004055FA
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405B20: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2972824698-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(Remove folder: ,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404AFD
                                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004067C4: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: $NN$@xP$A$C:\Users\user\AppData\Local\Temp\nsr7B99.tmp$Remove folder:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2624150263-3067800838
                                                                                                                                                                                                                                                                                                                  • Opcode ID: aac53df244383e2a07a9d2c6e377dc106276e891bc31ab3524a37a2d2ad96109
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aac53df244383e2a07a9d2c6e377dc106276e891bc31ab3524a37a2d2ad96109
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 542301482-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23bc45f7dafbc09bf3d58dfb9668e04a20f74da7ffae18e0ad0b6f577034eb1d
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                                  • String ID: $@xP$M$N
                                                                                                                                                                                                                                                                                                                  • API String ID: 2564846305-3040044148
                                                                                                                                                                                                                                                                                                                  • Opcode ID: dd942b7cbeaa18c8cf4828e28d43e61687b6a80dcb186ef465745c56d9013c5d
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd942b7cbeaa18c8cf4828e28d43e61687b6a80dcb186ef465745c56d9013c5d
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: $NN$@xP$N$Remove folder:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3103080414-140739344
                                                                                                                                                                                                                                                                                                                  • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                                                                  • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\Setup.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                                                                                                                  • API String ID: 2171350718-461813615
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6dbc896bee28fc2cd17c6beb7c7e3b01e9a95bb407788db3ff507c40593cf796
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6dbc896bee28fc2cd17c6beb7c7e3b01e9a95bb407788db3ff507c40593cf796
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                                                                                                  • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                                  • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                                                  • API String ID: 589700163-4010320282
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                                                                                                                                                  • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: MS Shell Dlg
                                                                                                                                                                                                                                                                                                                  • API String ID: 2584051700-76309092
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7613f5a947f4bbf8195753a17fba9eaca46e1d6fc564812dac8d5fa739d0f051
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7613f5a947f4bbf8195753a17fba9eaca46e1d6fc564812dac8d5fa739d0f051
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(0001AD05,00000064,0001D678), ref: 00402FDC
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                                                                                                                                                  • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1354259210-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CharNext
                                                                                                                                                                                                                                                                                                                  • String ID: C:\
                                                                                                                                                                                                                                                                                                                  • API String ID: 3213498283-3404278061
APIs
• lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
• CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
• lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
Memory Dump Source
• Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: CharPrevlstrcatlstrlen
• String ID: C:\Users\user\AppData\Local\Temp\
APIs
• lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\inetc.dll), ref: 00402695
Strings
Memory Dump Source
• Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: lstrlen
• String ID: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp$C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\inetc.dll
APIs
• DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
• GetTickCount.KERNEL32 ref: 0040304A
• CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
• ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
Memory Dump Source
• Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup.jbxd
Similarity
• API ID: Window$CountCreateDestroyDialogParamShowTick
• String ID:
APIs
• IsWindowVisible.USER32(?), ref: 00405542
• CallWindowProcW.USER32(?,?,?,?), ref: 00405593
  • Part of subcall function 004044E5: SendMessageW.USER32(00020498,00000000,00000000,00000000), ref: 004044F7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nst5AB2.tmp\), ref: 0040645C
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                                                  • String ID: Remove folder:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2581070006.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Setup.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                                  • String ID:
• API String ID: 190613189-0
• Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
• Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
• Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
• Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9

Execution Graph

Execution Coverage: 7.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 1.8%
Total number of Nodes: 1495
Total number of Limit Nodes: 53
13531->13533 13532 6fb512eb 13532->13517 13533->13532 13535 6fb5225b GlobalAlloc 13533->13535 13536 6fb5227d 13535->13536 13536->13532 13538 6fb51438 GlobalAlloc 13537->13538 13539 6fb5141e 13537->13539 13540 6fb51454 13538->13540 13539->13538 13540->13398 13542 6fb540d0 13541->13542 13543 6fb540d5 13541->13543 13563 6fb52a6a GlobalAlloc 13542->13563 13545 6fb52b39 5 API calls 13543->13545 13546 6fb540e8 13545->13546 13548 6fb52bc7 13546->13548 13564 6fb5154d GlobalAlloc 13546->13564 13548->13430 13548->13447 13550 6fb51a11 14 API calls 13549->13550 13551 6fb519b4 13550->13551 13552 6fb519d2 13551->13552 13553 6fb519dd 13552->13553 13555 6fb51a07 13552->13555 13554 6fb519e3 lstrcmpW 13553->13554 13553->13555 13554->13555 13556 6fb519f5 lstrcmpiW 13554->13556 13555->13436 13555->13437 13556->13555 13558 6fb51a11 14 API calls 13557->13558 13559 6fb52176 13558->13559 13560 6fb5218e 13559->13560 13561 6fb51ff4 30 API calls 13559->13561 13560->13446 13562 6fb52189 13561->13562 13562->13446 13563->13543 13564->13548 13566 6fb51c2f 13565->13566 13567 6fb51c44 13565->13567 13566->13567 13602 6fb51000 13566->13602 13568 6fb51ca4 13567->13568 13569 6fb51c5a CreateFileW 13567->13569 13605 6fb52536 13568->13605 13572 6fb51c99 GetLastError 13569->13572 13573 6fb51c7a 13569->13573 13574 6fb51cc7 13572->13574 13589 6fb527ba 13573->13589 13576 6fb51cd5 SetLastError 13574->13576 13577 6fb51cce GlobalFree 13574->13577 13576->13282 13577->13576 13580 6fb53ffb 13579->13580 13581 6fb53fda GetModuleHandleA 13579->13581 13582 6fb5400f FormatMessageW 13580->13582 13581->13582 13583 6fb540af 13582->13583 13584 6fb5401f lstrlenW lstrcpyW lstrcpyW 13582->13584 13585 6fb540b7 LocalFree 13583->13585 13586 6fb540c0 13583->13586 13588 6fb54050 lstrcpyW wsprintfW 13584->13588 13585->13586 13586->13291 13588->13583 13590 6fb51c8d CloseHandle 13589->13590 13596 6fb527c9 13589->13596 13590->13574 13592 6fb527e5 lstrlenW 13594 6fb5238c 7 API calls 13592->13594 13593 6fb5287b lstrlenW 13593->13596 
13594->13596 13595 6fb5238c 7 API calls 13595->13596 13596->13590 13596->13593 13596->13595 13597 6fb5238c 7 API calls 13596->13597 13598 6fb527ba 7 API calls 13596->13598 13601 6fb523e4 7 API calls 13596->13601 13620 6fb5238c 13596->13620 13599 6fb5284e lstrlenW 13597->13599 13598->13596 13600 6fb5238c 7 API calls 13599->13600 13600->13596 13601->13596 13633 6fb5154d GlobalAlloc 13602->13633 13604 6fb51008 13604->13567 13606 6fb5279a 13605->13606 13613 6fb5254d 13605->13613 13607 6fb527b5 13606->13607 13608 6fb527a4 lstrcpyW 13606->13608 13607->13574 13608->13607 13611 6fb5263b lstrlenW 13611->13613 13612 6fb5229e 4 API calls 13612->13613 13613->13606 13613->13607 13613->13611 13614 6fb5229e 4 API calls 13613->13614 13615 6fb52536 4 API calls 13613->13615 13618 6fb5229e GlobalReAlloc GetLastError GlobalFree lstrcpyW 13613->13618 13619 6fb5235c GlobalReAlloc GetLastError GlobalFree lstrcpyW 13613->13619 13634 6fb5229e 13613->13634 13616 6fb525fa lstrlenW 13614->13616 13615->13613 13617 6fb5229e 4 API calls 13616->13617 13617->13613 13618->13613 13619->13613 13621 6fb52395 WriteFile 13620->13621 13622 6fb523af 13620->13622 13621->13592 13627 6fb51933 WideCharToMultiByte 13622->13627 13625 6fb523c7 WriteFile GlobalFree 13626 6fb523e1 13625->13626 13626->13592 13628 6fb51997 13627->13628 13629 6fb5195b GlobalAlloc 13627->13629 13628->13625 13628->13626 13629->13628 13630 6fb5196d WideCharToMultiByte 13629->13630 13631 6fb51990 GlobalFree 13630->13631 13632 6fb5198a 13630->13632 13631->13628 13632->13628 13633->13604 13635 6fb52306 13634->13635 13637 6fb522b9 13634->13637 13636 6fb52310 lstrcpyW 13635->13636 13640 6fb5231f lstrlenW 13635->13640 13636->13640 13637->13635 13638 6fb522cf GlobalReAlloc 13637->13638 13637->13640 13638->13637 13639 6fb522de GetLastError GlobalFree 13638->13639 13639->13637 13640->13612 13736 6efe12bb GlobalAlloc 13641->13736 13643 6efe1c26 13737 6efe12bb GlobalAlloc 13643->13737 13645 6efe1e6b GlobalFree GlobalFree GlobalFree 13646 6efe1e88 
13645->13646 13662 6efe1ed2 13645->13662 13648 6efe227e 13646->13648 13656 6efe1e9d 13646->13656 13646->13662 13647 6efe1c31 13647->13645 13649 6efe1d26 GlobalAlloc 13647->13649 13651 6efe21ae 13647->13651 13652 6efe1d8f GlobalFree 13647->13652 13655 6efe1d71 lstrcpyW 13647->13655 13658 6efe1d7b lstrcpyW 13647->13658 13661 6efe2126 13647->13661 13647->13662 13667 6efe2067 GlobalFree 13647->13667 13668 6efe1dcd 13647->13668 13670 6efe12cc 2 API calls 13647->13670 13650 6efe22a0 GetModuleHandleW 13648->13650 13648->13662 13649->13647 13653 6efe22c6 13650->13653 13654 6efe22b1 LoadLibraryW 13650->13654 13651->13662 13672 6efe2216 lstrcpyW 13651->13672 13652->13647 13744 6efe16bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 13653->13744 13654->13653 13654->13662 13655->13658 13656->13662 13740 6efe12cc 13656->13740 13658->13647 13659 6efe22d8 13660 6efe2318 13659->13660 13673 6efe2302 GetProcAddress 13659->13673 13660->13662 13665 6efe2325 lstrlenW 13660->13665 13743 6efe12bb GlobalAlloc 13661->13743 13662->13295 13745 6efe16bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 13665->13745 13667->13647 13668->13647 13738 6efe162f GlobalSize GlobalAlloc 13668->13738 13669 6efe233f 13669->13662 13670->13647 13672->13662 13673->13660 13674 6efe212f 13674->13295 13681 6efe2498 13675->13681 13677 6efe25c1 GlobalFree 13678 6efe186f 13677->13678 13677->13681 13678->13305 13678->13306 13678->13317 13679 6efe256b GlobalAlloc 13683 6efe2582 13679->13683 13680 6efe2540 GlobalAlloc WideCharToMultiByte 13680->13677 13681->13677 13681->13679 13681->13680 13682 6efe12cc GlobalAlloc lstrcpynW 13681->13682 13681->13683 13747 6efe135a 13681->13747 13682->13681 13683->13677 13751 6efe27a4 13683->13751 13686 6efe2baa 13685->13686 13687 6efe2c4f K32GetProcessImageFileNameW 13686->13687 13690 6efe2c6d 13687->13690 13689 6efe2d39 13689->13317 13754 6efe2b42 13690->13754 13692 6efe2453 13691->13692 13693 6efe245e GlobalAlloc 
13692->13693 13694 6efe1868 13692->13694 13693->13692 13694->13297 13699 6efe2840 13695->13699 13696 6efe28ee 13698 6efe28f4 GlobalSize 13696->13698 13700 6efe28fe 13696->13700 13697 6efe28db GlobalAlloc 13697->13700 13698->13700 13699->13696 13699->13697 13700->13322 13702 6efe2e2e 13701->13702 13703 6efe2e6e GlobalFree 13702->13703 13758 6efe12bb GlobalAlloc 13704->13758 13706 6efe26fa StringFromGUID2 13712 6efe265f 13706->13712 13707 6efe270b lstrcpynW 13707->13712 13708 6efe26d8 MultiByteToWideChar 13708->13712 13709 6efe271e wsprintfW 13709->13712 13710 6efe2742 GlobalFree 13710->13712 13711 6efe2777 GlobalFree 13711->13315 13712->13706 13712->13707 13712->13708 13712->13709 13712->13710 13712->13711 13713 6efe1312 2 API calls 13712->13713 13759 6efe1381 13712->13759 13713->13712 13763 6efe12bb GlobalAlloc 13715->13763 13717 6efe1659 13718 6efe1666 2 API calls 13717->13718 13719 6efe1663 13718->13719 13720 6efe1312 13719->13720 13721 6efe131b GlobalAlloc lstrcpynW 13720->13721 13722 6efe1355 GlobalFree 13720->13722 13721->13722 13722->13320 13724 6efe169f lstrcpyW 13723->13724 13725 6efe1672 wsprintfW 13723->13725 13728 6efe16b8 13724->13728 13725->13728 13728->13323 13730 6efe2626 13729->13730 13731 6efe1931 13729->13731 13730->13731 13732 6efe2642 GlobalFree 13730->13732 13731->13329 13731->13331 13732->13730 13734 6efe1312 2 API calls 13733->13734 13735 6efe15fe 13734->13735 13735->13333 13736->13643 13737->13647 13739 6efe164d 13738->13739 13739->13668 13746 6efe12bb GlobalAlloc 13740->13746 13742 6efe12db lstrcpynW 13742->13662 13743->13674 13744->13659 13745->13669 13746->13742 13748 6efe1361 13747->13748 13749 6efe12cc 2 API calls 13748->13749 13750 6efe137f 13749->13750 13750->13681 13752 6efe2808 13751->13752 13753 6efe27b2 VirtualAlloc 13751->13753 13752->13683 13753->13752 13755 6efe2b4d 13754->13755 13756 6efe2b5d 13755->13756 13757 6efe2b52 GetLastError 13755->13757 13756->13689 13757->13756 13758->13712 13760 6efe13ac 13759->13760 13761 6efe138a 
13759->13761 13760->13712 13761->13760 13762 6efe1390 lstrcpyW 13761->13762 13762->13760 13763->13717 12856 6eff474b 12857 6eff4767 12856->12857 12860 6eff475e 12856->12860 12857->12860 12865 6eff478f 12857->12865 12866 6eff4693 12857->12866 12860->12865 12886 6eff2c7e 12860->12886 12862 6eff47af 12864 6eff4693 77 API calls 12862->12864 12862->12865 12863 6eff4693 77 API calls 12863->12862 12864->12865 12867 6eff469a GetVersion 12866->12867 12868 6eff4718 12866->12868 12889 6eff7a9e HeapCreate 12867->12889 12872 6eff473b 12868->12872 12881 6eff4712 12868->12881 12960 6eff7867 12868->12960 12870 6eff46ac 12871 6eff46b5 GetCommandLineA 12870->12871 12870->12881 12901 6eff8077 12871->12901 12963 6eff7d4e 12872->12963 12880 6eff46fd 12938 6eff7e2a 12880->12938 12881->12860 12883 6eff4702 12947 6eff7d71 12883->12947 12885 6eff4707 12885->12881 13176 6eff2bd3 12886->13176 12888 6eff2c97 12888->12862 12888->12863 12888->12865 12890 6eff7abe 12889->12890 12891 6eff7af4 12889->12891 12974 6eff7956 12890->12974 12891->12870 12894 6eff7acd 12986 6eff99ef HeapAlloc 12894->12986 12895 6eff7ada 12897 6eff7af7 12895->12897 12988 6effa240 12895->12988 12897->12870 12898 6eff7ad7 12898->12897 12900 6eff7ae8 HeapDestroy 12898->12900 12900->12891 12902 6eff80c5 12901->12902 12903 6eff8092 GetEnvironmentStringsW 12901->12903 12904 6eff809a 12902->12904 12906 6eff80b6 12902->12906 12903->12904 12905 6eff80a6 GetEnvironmentStrings 12903->12905 12908 6eff80de WideCharToMultiByte 12904->12908 12909 6eff80d2 GetEnvironmentStringsW 12904->12909 12905->12906 12907 6eff46f3 12905->12907 12906->12907 12910 6eff8158 GetEnvironmentStrings 12906->12910 12911 6eff8164 12906->12911 12924 6eff7ba3 12907->12924 12913 6eff8144 FreeEnvironmentStringsW 12908->12913 12914 6eff8112 12908->12914 12909->12907 12909->12908 12910->12907 12910->12911 12915 6effa864 12 API calls 12911->12915 12913->12907 13051 6effa864 12914->13051 12922 6eff817f 12915->12922 12918 6eff8121 WideCharToMultiByte 12920 6eff8132 
12918->12920 12921 6eff813b 12918->12921 12919 6eff8195 FreeEnvironmentStringsA 12919->12907 13054 6effa916 12920->13054 12921->12913 12922->12919 12925 6effa864 12 API calls 12924->12925 12926 6eff7bb4 12925->12926 12927 6eff7bc2 GetStartupInfoA 12926->12927 13121 6eff47e8 12926->13121 12935 6eff7c0e 12927->12935 12936 6eff7cd3 12927->12936 12930 6eff7cfa GetStdHandle 12932 6eff7d08 GetFileType 12930->12932 12930->12936 12931 6eff7d3a SetHandleCount 12931->12880 12932->12936 12933 6eff7c7f 12933->12936 12937 6eff7ca1 GetFileType 12933->12937 12934 6effa864 12 API calls 12934->12935 12935->12933 12935->12934 12935->12936 12936->12930 12936->12931 12937->12933 12939 6eff7e3c 12938->12939 12940 6eff7e41 GetModuleFileNameA 12938->12940 13147 6effad43 12939->13147 12941 6eff7e64 12940->12941 12943 6effa864 12 API calls 12941->12943 12944 6eff7e85 12943->12944 12945 6eff7e95 12944->12945 12946 6eff47e8 7 API calls 12944->12946 12945->12883 12946->12945 12948 6eff7d7e 12947->12948 12950 6eff7d83 12947->12950 12949 6effad43 19 API calls 12948->12949 12949->12950 12951 6effa864 12 API calls 12950->12951 12952 6eff7db0 12951->12952 12953 6eff47e8 7 API calls 12952->12953 12959 6eff7dc4 12952->12959 12953->12959 12954 6eff7e07 12955 6effa916 7 API calls 12954->12955 12956 6eff7e13 12955->12956 12956->12885 12957 6effa864 12 API calls 12957->12959 12958 6eff47e8 7 API calls 12958->12959 12959->12954 12959->12957 12959->12958 13171 6eff7876 12960->13171 12964 6eff7d54 12963->12964 12965 6eff4740 12964->12965 12966 6effa916 7 API calls 12964->12966 12967 6eff7afb 12965->12967 12966->12964 12968 6eff7b6d 12967->12968 12969 6eff7b07 12967->12969 12971 6eff7b94 HeapDestroy 12968->12971 12973 6eff7b80 VirtualFree 12968->12973 12970 6eff7b59 HeapFree 12969->12970 12972 6eff7b27 VirtualFree VirtualFree HeapFree 12969->12972 12970->12971 12971->12881 12972->12970 12972->12972 12973->12968 12997 6eff99c0 12974->12997 12976 6eff7963 GetVersionExA 12977 6eff797f 12976->12977 12978 
6eff7999 GetEnvironmentVariableA 12976->12978 12977->12978 12980 6eff7991 12977->12980 12981 6eff79b8 12978->12981 12985 6eff7a76 12978->12985 12980->12894 12980->12895 12982 6eff79fd GetModuleFileNameA 12981->12982 12983 6eff79f5 12981->12983 12982->12983 12983->12985 12999 6eff960a 12983->12999 12985->12980 13002 6eff7929 GetModuleHandleA 12985->13002 12987 6eff9a0b 12986->12987 12987->12898 12989 6effa24d 12988->12989 12990 6effa254 HeapAlloc 12988->12990 12991 6effa271 VirtualAlloc 12989->12991 12990->12991 12996 6effa2a9 12990->12996 12992 6effa366 12991->12992 12993 6effa291 VirtualAlloc 12991->12993 12994 6effa36e HeapFree 12992->12994 12992->12996 12995 6effa358 VirtualFree 12993->12995 12993->12996 12994->12996 12995->12992 12996->12898 12998 6eff99cc 12997->12998 12998->12976 12998->12998 13004 6eff9621 12999->13004 13003 6eff7940 13002->13003 13003->12980 13006 6eff9639 13004->13006 13007 6eff9669 13006->13007 13011 6eff8408 13006->13011 13008 6eff8408 6 API calls 13007->13008 13010 6eff961d 13007->13010 13015 6effc37b 13007->13015 13008->13007 13010->12985 13012 6eff8426 13011->13012 13014 6eff841a 13011->13014 13021 6effb21e 13012->13021 13014->13006 13016 6effc3a6 13015->13016 13020 6effc389 13015->13020 13017 6effc3c2 13016->13017 13018 6eff8408 6 API calls 13016->13018 13017->13020 13033 6effb367 13017->13033 13018->13017 13020->13007 13022 6effb24f GetStringTypeW 13021->13022 13023 6effb267 13021->13023 13022->13023 13024 6effb26b GetStringTypeA 13022->13024 13025 6effb2b6 13023->13025 13026 6effb292 GetStringTypeA 13023->13026 13024->13023 13027 6effb353 13024->13027 13025->13027 13029 6effb2cc MultiByteToWideChar 13025->13029 13026->13027 13027->13014 13029->13027 13030 6effb2f0 13029->13030 13030->13027 13031 6effb32a MultiByteToWideChar 13030->13031 13031->13027 13032 6effb343 GetStringTypeW 13031->13032 13032->13027 13034 6effb397 LCMapStringW 13033->13034 13037 6effb3b3 13033->13037 13035 6effb3bb LCMapStringA 13034->13035 13034->13037 13036 
6effb4f5 13035->13036 13035->13037 13036->13020 13038 6effb3fc LCMapStringA 13037->13038 13039 6effb419 13037->13039 13038->13036 13039->13036 13040 6effb42f MultiByteToWideChar 13039->13040 13040->13036 13041 6effb459 13040->13041 13041->13036 13042 6effb48f MultiByteToWideChar 13041->13042 13042->13036 13043 6effb4a8 LCMapStringW 13042->13043 13043->13036 13044 6effb4c3 13043->13044 13045 6effb4c9 13044->13045 13047 6effb509 13044->13047 13045->13036 13046 6effb4d7 LCMapStringW 13045->13046 13046->13036 13047->13036 13048 6effb541 LCMapStringW 13047->13048 13048->13036 13049 6effb559 WideCharToMultiByte 13048->13049 13049->13036 13065 6effa876 13051->13065 13055 6effa922 13054->13055 13063 6effa93e 13054->13063 13058 6effa92c 13055->13058 13059 6effa942 13055->13059 13056 6effa96d 13057 6effa96e HeapFree 13056->13057 13057->13063 13058->13057 13060 6effa938 13058->13060 13059->13056 13062 6effa95c 13059->13062 13102 6eff9a62 13060->13102 13108 6effa4f3 13062->13108 13063->12921 13066 6eff8118 13065->13066 13068 6effa87d 13065->13068 13066->12913 13066->12918 13068->13066 13069 6effa8a2 13068->13069 13070 6effa8b1 13069->13070 13073 6effa8c6 13069->13073 13077 6effa8bf 13070->13077 13078 6eff9d8b 13070->13078 13072 6effa905 HeapAlloc 13074 6effa914 13072->13074 13073->13072 13073->13077 13084 6effa538 13073->13084 13074->13068 13075 6effa8c4 13075->13068 13077->13072 13077->13074 13077->13075 13081 6eff9dbd 13078->13081 13079 6eff9e5c 13082 6eff9e6b 13079->13082 13098 6effa145 13079->13098 13081->13079 13081->13082 13091 6effa094 13081->13091 13082->13077 13085 6effa546 13084->13085 13086 6effa707 13085->13086 13089 6effa632 VirtualAlloc 13085->13089 13090 6effa603 13085->13090 13087 6effa240 5 API calls 13086->13087 13087->13090 13089->13090 13090->13077 13092 6effa0d7 HeapAlloc 13091->13092 13093 6effa0a7 HeapReAlloc 13091->13093 13094 6effa127 13092->13094 13096 6effa0fd VirtualAlloc 13092->13096 13093->13094 13095 6effa0c6 13093->13095 13094->13079 
13095->13092 13096->13094 13097 6effa117 HeapFree 13096->13097 13097->13094 13099 6effa157 VirtualAlloc 13098->13099 13101 6effa1a0 13099->13101 13101->13082 13103 6eff9aa0 13102->13103 13107 6eff9d56 13102->13107 13104 6eff9c9c VirtualFree 13103->13104 13103->13107 13105 6eff9d00 13104->13105 13106 6eff9d0f VirtualFree HeapFree 13105->13106 13105->13107 13106->13107 13107->13063 13109 6effa536 13108->13109 13110 6effa520 13108->13110 13109->13063 13110->13109 13112 6effa3da 13110->13112 13115 6effa3e7 13112->13115 13113 6effa497 13113->13109 13114 6effa408 VirtualFree 13114->13115 13115->13113 13115->13114 13117 6effa384 VirtualFree 13115->13117 13118 6effa3a1 13117->13118 13119 6effa3d1 13118->13119 13120 6effa3b1 HeapFree 13118->13120 13119->13115 13120->13115 13122 6eff47f2 13121->13122 13123 6eff4804 13122->13123 13127 6eff81a9 13122->13127 13133 6eff81e2 13123->13133 13128 6eff81b3 13127->13128 13129 6eff81e0 13128->13129 13130 6eff81e2 7 API calls 13128->13130 13129->13123 13131 6eff81ca 13130->13131 13132 6eff81e2 7 API calls 13131->13132 13132->13129 13136 6eff81f5 13133->13136 13134 6eff480d 13134->12927 13135 6eff830c 13139 6eff831f GetStdHandle WriteFile 13135->13139 13136->13134 13136->13135 13137 6eff8235 13136->13137 13137->13134 13138 6eff8241 GetModuleFileNameA 13137->13138 13140 6eff8259 13138->13140 13139->13134 13142 6effb095 13140->13142 13143 6effb0a2 LoadLibraryA 13142->13143 13144 6effb0e4 13142->13144 13143->13144 13145 6effb0b3 GetProcAddress 13143->13145 13144->13134 13145->13144 13146 6effb0ca GetProcAddress GetProcAddress 13145->13146 13146->13144 13148 6effad53 13147->13148 13149 6effad4c 13147->13149 13148->12940 13151 6effa97f 13149->13151 13158 6effab18 13151->13158 13153 6effab0c 13153->13148 13156 6effa9c2 GetCPInfo 13157 6effa9d6 13156->13157 13157->13153 13163 6effabbe GetCPInfo 13157->13163 13159 6effab38 13158->13159 13160 6effab28 GetOEMCP 13158->13160 13161 6effa990 13159->13161 13162 6effab3d GetACP 13159->13162 
13160->13159 13161->13153 13161->13156 13161->13157 13162->13161 13164 6effabe1 13163->13164 13170 6effaca9 13163->13170 13165 6effb21e 6 API calls 13164->13165 13166 6effac5d 13165->13166 13167 6effb367 9 API calls 13166->13167 13168 6effac81 13167->13168 13169 6effb367 9 API calls 13168->13169 13169->13170 13170->13153 13172 6eff7882 GetCurrentProcess TerminateProcess 13171->13172 13173 6eff7893 13171->13173 13172->13173 13174 6eff7872 13173->13174 13175 6eff78fd ExitProcess 13173->13175 13174->12872 13177 6eff2c16 13176->13177 13180 6eff2be0 13176->13180 13184 6eff1888 13177->13184 13179 6eff2c22 13181 6eff2c4b 13179->13181 13182 6eff1888 4 API calls 13179->13182 13180->12888 13181->13180 13183 6eff1888 4 API calls 13181->13183 13182->13179 13183->13181 13186 6eff1895 13184->13186 13190 6eff18fb 13184->13190 13187 6eff18ef GlobalFree 13186->13187 13188 6eff18ca GlobalFree 13186->13188 13189 6eff1888 GlobalFree GlobalFree 13186->13189 13191 6eff1847 13186->13191 13187->13186 13187->13190 13188->13187 13189->13186 13190->13179 13192 6eff1885 13191->13192 13195 6eff1853 13191->13195 13192->13186 13193 6eff1877 GlobalFree GlobalFree 13193->13192 13194 6eff1888 2 API calls 13194->13195 13195->13193 13195->13194 15476 401ff6 15477 402da6 17 API calls 15476->15477 15478 401ffd 15477->15478 15479 40699e 2 API calls 15478->15479 15480 402003 15479->15480 15482 402014 15480->15482 15483 4065af wsprintfW 15480->15483 15483->15482 12720 401389 12722 401390 12720->12722 12721 4013fe 12722->12721 12723 4013cb MulDiv SendMessageW 12722->12723 12723->12722 12724 40248a 12725 402da6 17 API calls 12724->12725 12726 40249c 12725->12726 12727 402da6 17 API calls 12726->12727 12728 4024a6 12727->12728 12741 402e36 12728->12741 12731 402c2a 12732 4024de 12734 4024ea 12732->12734 12745 402d84 12732->12745 12733 402da6 17 API calls 12735 4024d4 lstrlenW 12733->12735 12737 402509 RegSetValueExW 12734->12737 12738 403371 44 API calls 12734->12738 12735->12732 12739 40251f RegCloseKey 
12737->12739 12738->12737 12739->12731 12742 402e51 12741->12742 12748 406503 12742->12748 12746 4066a5 17 API calls 12745->12746 12747 402d99 12746->12747 12747->12734 12749 406512 12748->12749 12750 4024b6 12749->12750 12751 40651d RegCreateKeyExW 12749->12751 12750->12731 12750->12732 12750->12733 12751->12750 13764 401b9b 13765 401ba8 13764->13765 13766 401bec 13764->13766 13769 401c31 13765->13769 13772 401bbf 13765->13772 13767 401bf1 13766->13767 13768 401c16 GlobalAlloc 13766->13768 13778 40239d 13767->13778 13783 406668 lstrcpynW 13767->13783 13771 4066a5 17 API calls 13768->13771 13770 4066a5 17 API calls 13769->13770 13769->13778 13774 402397 13770->13774 13771->13769 13784 406668 lstrcpynW 13772->13784 13774->13778 13779 405cc8 MessageBoxIndirectW 13774->13779 13776 401c03 GlobalFree 13776->13778 13777 401bce 13785 406668 lstrcpynW 13777->13785 13779->13778 13781 401bdd 13786 406668 lstrcpynW 13781->13786 13783->13776 13784->13777 13785->13781 13786->13778 13793 40259e 13794 402de6 17 API calls 13793->13794 13795 4025a8 13794->13795 13796 402d84 17 API calls 13795->13796 13797 4025b1 13796->13797 13798 4025d9 RegEnumValueW 13797->13798 13799 4025cd RegEnumKeyW 13797->13799 13802 40292e 13797->13802 13800 4025f5 RegCloseKey 13798->13800 13801 4025ee 13798->13801 13799->13800 13800->13802 13801->13800 12699 401fa4 12700 402da6 17 API calls 12699->12700 12701 401faa 12700->12701 12702 4056ca 24 API calls 12701->12702 12703 401fb4 12702->12703 12704 405c4b 2 API calls 12703->12704 12705 401fba 12704->12705 12706 401fdd CloseHandle 12705->12706 12710 40292e 12705->12710 12714 406ae0 WaitForSingleObject 12705->12714 12706->12710 12709 401fcf 12711 401fd4 12709->12711 12712 401fdf 12709->12712 12719 4065af wsprintfW 12711->12719 12712->12706 12715 406afa 12714->12715 12716 406b0c GetExitCodeProcess 12715->12716 12717 406a71 2 API calls 12715->12717 12716->12709 12718 406b01 WaitForSingleObject 12717->12718 12718->12715 12719->12706 12769 4021aa 12770 402da6 17 
API calls 12769->12770 12771 4021b1 12770->12771 12772 402da6 17 API calls 12771->12772 12773 4021bb 12772->12773 12774 402da6 17 API calls 12773->12774 12775 4021c5 12774->12775 12776 402da6 17 API calls 12775->12776 12777 4021cf 12776->12777 12778 402da6 17 API calls 12777->12778 12779 4021d9 12778->12779 12780 402218 CoCreateInstance 12779->12780 12781 402da6 17 API calls 12779->12781 12784 402237 12780->12784 12781->12780 12782 401423 24 API calls 12783 4022f6 12782->12783 12784->12782 12784->12783

Control-flow Graph

[Control-flow graph image not reproduced. Legend: Executed / Not Executed]
APIs
• SetErrorMode.KERNEL32(00008001), ref: 00403663
• GetVersionExW.KERNEL32(?), ref: 0040368C
• GetVersionExW.KERNEL32(0000011C), ref: 004036A3
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
• OleInitialize.OLE32(00000000), ref: 0040377D
• SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
• GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
• CharNextW.USER32(00000000,"C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force,00000020,"C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force,00000000), ref: 004037E9
                                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                                                                                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                                                                                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                                                                                                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(1033), ref: 00403982
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force,00000000,?), ref: 00403A69
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force,00000000,?), ref: 00403A78
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C16: CreateDirectoryW.KERNEL32(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force,00000000,?), ref: 00403A83
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force,00000000,?), ref: 00403A8F
                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(00420F08,00420F08,?,5974062,?), ref: 00403B0E
                                                                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,00420F08,00000001), ref: 00403B21
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                                                                                                                                                                                                                                                                                  • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                                                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                                                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                                                                                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: "C:\Users\user\AppData\Local\Temp\nsr7B99.tmp" /internal 1728048003008516 /force$.tmp$1033$5974062$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsr7B99.tmp$C:\Users\user\PCAppStore$C:\Users\user\PCAppStore$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                                                                                                  • API String ID: 3859024572-813309632
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 54eba713b65b488fe05b557adb658f0301d1077f312d6d7219dab3d109336353
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 54eba713b65b488fe05b557adb658f0301d1077f312d6d7219dab3d109336353
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFE12BB: GlobalAlloc.KERNEL32(00000040,?,6EFE12DB,?,6EFE137F,00000019,6EFE11CA,-000000A0), ref: 6EFE12C5
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 6EFE1D2D
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000008,?), ref: 6EFE1D75
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000808,?), ref: 6EFE1D7F
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6EFE1D92
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6EFE1E74
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6EFE1E79
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6EFE1E7E
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6EFE2068
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,?), ref: 6EFE2222
                                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000008), ref: 6EFE22A1
                                                                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(00000008), ref: 6EFE22B2
                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 6EFE230C
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000808), ref: 6EFE2326
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121303186.000000006EFE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121405293.000000006EFE4000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121454401.000000006EFE6000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 245916457-0

Control-flow Graph: function at 00405D74 (rendered graph not preserved; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,74DF3420,74DF2EE0,00000000), ref: 00405D9D
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00425750,\*.*,00425750,?,?,74DF3420,74DF2EE0,00000000), ref: 00405DE5
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,00425750,?,?,74DF3420,74DF2EE0,00000000), ref: 00405E08
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,74DF3420,74DF2EE0,00000000), ref: 00405E0E
                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(00425750,?,?,?,0040A014,?,00425750,?,?,74DF3420,74DF2EE0,00000000), ref: 00405E1E
                                                                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: .$.$PWB$\*.*
                                                                                                                                                                                                                                                                                                                  • API String ID: 2035342205-2468439962
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(74DF3420,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0), ref: 004069A9
                                                                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403D98
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(get,?,?,?,get,00000000,C:\Users\user\PCAppStore,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74DF3420), ref: 00403E18
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,.exe,get,?,?,?,get,00000000,C:\Users\user\PCAppStore,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(get,?,00000000,?), ref: 00403E36
                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\PCAppStore), ref: 00403E7F
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(00429200), ref: 00403EBC
                                                                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F09
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                                                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00429200), ref: 00403F6B
                                                                                                                                                                                                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00429200), ref: 00403F78
                                                                                                                                                                                                                                                                                                                  • RegisterClassW.USER32(00429200), ref: 00403F81
                                                                                                                                                                                                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,004040C5,00000000), ref: 00403FA0
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\PCAppStore$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$get
                                                                                                                                                                                                                                                                                                                  • API String ID: 1975747703-284748347
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 78a63079156de9a95659751e2075cee6996798d0e51b0c114acce594fd97feca
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78a63079156de9a95659751e2075cee6996798d0e51b0c114acce594fd97feca
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004030E4
                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,00000400), ref: 00403100
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406158: GetFileAttributesW.KERNEL32(00000003,00403113,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406158: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,80000000,00000003), ref: 00403149
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 0040328B
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsr7B99.tmp$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                                  • API String ID: 2803837635-3392257719
                                                                                                                                                                                                                                                                                                                  • Opcode ID: dff409350d06ce17b221650d583fb97333c6afb1e6ebf9b4c6eec62bfd946937
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dff409350d06ce17b221650d583fb97333c6afb1e6ebf9b4c6eec62bfd946937
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 6FB54481
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 6FB54494
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/index,00000000), ref: 6FB544DC
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/value), ref: 6FB544F1
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/file), ref: 6FB54501
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/http), ref: 6FB54511
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/exec), ref: 6FB54521
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB54592
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB54599
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/unicode,00000000), ref: 6FB54611
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54182
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: lstrcpyW.KERNEL32(00000000,00000004,00000000,?,6FB54178,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54B94
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: GlobalFree.KERNEL32(00000000), ref: 6FB54BA5
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrcmpi$Global$Free$Alloc$lstrcpy
                                                                                                                                                                                                                                                                                                                  • String ID: /exec$/file$/http$/index$/unicode$/value
                                                                                                                                                                                                                                                                                                                  • API String ID: 2337425550-1467310578
                                                                                                                                                                                                                                                                                                                  • Opcode ID: c4bf3a5d858b6cf2b57bf062edcaeb71ab77ab50a86680f01bac32fe4dde19cd
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0a9180a07debd70916c254fba4c46d9c02cd11b7d926dd281eaec433af65d140
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4bf3a5d858b6cf2b57bf062edcaeb71ab77ab50a86680f01bac32fe4dde19cd
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D51A07150078AEBDF019F69BCA0ADE3BA8FF05355F104122F91496144EB7CEA35CBA9

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(get,00000400), ref: 004067C0
                                                                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(get,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(get,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(get,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: 5974062$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$get
                                                                                                                                                                                                                                                                                                                  • API String ID: 4260037668-1738198175

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,get,C:\Users\user\PCAppStore,?,?,00000031), ref: 004017B0
                                                                                                                                                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,get,get,00000000,00000000,get,C:\Users\user\PCAppStore,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8,004030A8,00422728,00000000,00000000,00000000), ref: 00405725
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsr9111.tmp$C:\Users\user\AppData\Local\Temp\nsr9111.tmp\inetc.dll$C:\Users\user\PCAppStore$get
                                                                                                                                                                                                                                                                                                                  • API String ID: 1941528284-924634934

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 6FB54356
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54182
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: lstrcpyW.KERNEL32(00000000,00000004,00000000,?,6FB54178,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54B94
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: GlobalFree.KERNEL32(00000000), ref: 6FB54BA5
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/file,00000000), ref: 6FB54384
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 6FB5440E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54C09: GlobalAlloc.KERNEL32(00000040,?,00000000,?,6FB541B1,?,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54C25
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54C09: lstrcpynW.KERNEL32(00000004,?,?,6FB541B1,?,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54C3A
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB5442A
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocFreelstrcmpi$ErrorLastlstrcpylstrcpyn
                                                                                                                                                                                                                                                                                                                  • String ID: /file$/format$/unicode$JSON_Serialize
                                                                                                                                                                                                                                                                                                                  • API String ID: 2114172429-2463986589

Control-flow Graph

APIs
• CreateFileW.KERNEL32(00000002,80000000,00000001,00000000,00000003,00000080,00000000,00000000,00000002,74DEF360,00000000,00000002,00000000), ref: 6FB52439
• GetFileSize.KERNEL32(00000000,00000000), ref: 6FB5244C
• GlobalAlloc.KERNEL32(00000040,00000000), ref: 6FB5246A
• ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 6FB52480
• CloseHandle.KERNEL32(00000000), ref: 6FB52487
• lstrlenW.KERNEL32(00000002,00000000,00000002,74DEF360), ref: 6FB5249C
• lstrlenA.KERNEL32(00000002,00000000,00000002,74DEF360), ref: 6FB524A4
• GlobalFree.KERNEL32(00000000), ref: 6FB5251A
• GlobalFree.KERNEL32(00000002), ref: 6FB52527
Memory Dump Source
• Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
• Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
Similarity
• API ID: FileGlobal$Freelstrlen$AllocCloseCreateHandleReadSize
• String ID:
• API String ID: 670225477-0

Control-flow Graph

APIs
• GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
• wsprintfW.USER32 ref: 00406A17
• LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
Similarity
• API ID: DirectoryLibraryLoadSystemwsprintf
• String ID: %s%S.dll$UXTHEME$\
• API String ID: 2200240437-1946221925

Control-flow Graph

APIs
• GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
• GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
• GlobalFree.KERNEL32(?), ref: 00402A06
• GlobalFree.KERNEL32(00000000), ref: 00402A19
• CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
• DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
Memory Dump Source
• Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3117248813.000000000045D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3117248813.000000000045F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3dd095c025195d1a428b75d74b89fb792f772f3b0487a4c6f2200001eeea121b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3dd095c025195d1a428b75d74b89fb792f772f3b0487a4c6f2200001eeea121b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                  control_flow_graph 874 405b99-405be4 CreateDirectoryW 875 405be6-405be8 874->875 876 405bea-405bf7 GetLastError 874->876 877 405c11-405c13 875->877 876->877 878 405bf9-405c0d SetFileSecurityW 876->878 878->875 879 405c0f GetLastError 878->879 879->877
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405BF0
                                                                                                                                                                                                                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405C0F
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                                                  • API String ID: 3449924974-3081826266
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                  control_flow_graph 880 6fb51c1c-6fb51c2d 881 6fb51c53 880->881 882 6fb51c2f-6fb51c34 880->882 884 6fb51c55-6fb51c58 881->884 882->881 883 6fb51c36-6fb51c39 882->883 883->881 885 6fb51c3b-6fb51c51 call 6fb51000 883->885 886 6fb51ca4-6fb51cc7 call 6fb52536 884->886 887 6fb51c5a-6fb51c78 CreateFileW 884->887 885->884 892 6fb51cca-6fb51ccc 886->892 890 6fb51c99-6fb51ca2 GetLastError 887->890 891 6fb51c7a-6fb51c88 call 6fb527ba 887->891 890->892 898 6fb51c8d-6fb51c97 CloseHandle 891->898 896 6fb51cd5-6fb51cec SetLastError 892->896 897 6fb51cce-6fb51ccf GlobalFree 892->897 897->896 898->892
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,40000000,00000002,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,6FB53F05,?,00000000,?), ref: 6FB51C6D
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 6FB51C91
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,6FB53F05,?,00000000,?,00000000,00000000,00000000), ref: 6FB51C99
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB51CCF
                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,6FB53F05,?,00000000,?,00000000,00000000,00000000), ref: 6FB51CD8
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseCreateFileFreeGlobalHandle
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 653717721-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 68d25963a4167c64366932eb324d79ad58e213de2d9f9a76bfb97edb6dd65291
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 839ff6f6b8941337900cc996da03f5acb9beb017f230f573dd9e141e490ee131
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68d25963a4167c64366932eb324d79ad58e213de2d9f9a76bfb97edb6dd65291
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2821A3B2900608FFDB009F75EC44EDF37ACEF45365F198126F9159B140E639AE248AA0

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                  control_flow_graph 899 6efe1817-6efe1856 call 6efe1bff 903 6efe185c-6efe1860 899->903 904 6efe1976-6efe1978 899->904 905 6efe1869-6efe1876 call 6efe2480 903->905 906 6efe1862-6efe1868 call 6efe243e 903->906 911 6efe1878-6efe187d 905->911 912 6efe18a6-6efe18ad 905->912 906->905 915 6efe187f-6efe1880 911->915 916 6efe1898-6efe189b 911->916 913 6efe18af-6efe18cb call 6efe2655 call 6efe1654 call 6efe1312 GlobalFree 912->913 914 6efe18cd-6efe18d1 912->914 939 6efe1925-6efe1929 913->939 917 6efe191e-6efe1924 call 6efe2655 914->917 918 6efe18d3-6efe191c call 6efe1666 call 6efe2655 914->918 921 6efe1888-6efe1889 call 6efe2b98 915->921 922 6efe1882-6efe1883 915->922 916->912 919 6efe189d-6efe189e call 6efe2e23 916->919 917->939 918->939 933 6efe18a3 919->933 930 6efe188e 921->930 928 6efe1885-6efe1886 922->928 929 6efe1890-6efe1896 call 6efe2810 922->929 928->912 928->921 938 6efe18a5 929->938 930->933 933->938 938->912 943 6efe192b-6efe1939 call 6efe2618 939->943 944 6efe1966-6efe196d 939->944 949 6efe193b-6efe193e 943->949 950 6efe1951-6efe1958 943->950 944->904 946 6efe196f-6efe1970 GlobalFree 944->946 946->904 949->950 951 6efe1940-6efe1948 949->951 950->944 952 6efe195a-6efe1965 call 6efe15dd 950->952 951->950 953 6efe194a-6efe194b FreeLibrary 951->953 952->944 953->950
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFE1BFF: GlobalFree.KERNEL32(?), ref: 6EFE1E74
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFE1BFF: GlobalFree.KERNEL32(?), ref: 6EFE1E79
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFE1BFF: GlobalFree.KERNEL32(?), ref: 6EFE1E7E
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6EFE18C5
                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 6EFE194B
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6EFE1970
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFE243E: GlobalAlloc.KERNEL32(00000040,?), ref: 6EFE246F
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFE2810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6EFE1896,00000000), ref: 6EFE28E0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFE1666: wsprintfW.USER32 ref: 6EFE1694
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                                                                                                                                                                                                                  • String ID:

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr9111.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                                                                                                                  • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsr9111.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nsr9111.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsr9111.tmp
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004061A5
                                                                                                                                                                                                                                                                                                                  • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                                                                                                  • API String ID: 1716503409-678247507
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB52029
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB51558: GlobalFree.KERNEL32(?), ref: 6FB515B5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB51558: GlobalFree.KERNEL32(?), ref: 6FB515C9
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB51558: GlobalFree.KERNEL32(00000000), ref: 6FB515E0
                                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,74DEF360,?,6FB54658), ref: 6FB5205F
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB520D2
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB520F1
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB52152
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
• Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FreeGlobal$lstrlen
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3041391548-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 6EFE1171
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 6EFE11E3
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32 ref: 6EFE124A
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6EFE129B
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6EFE12B1
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
• Associated: 0000000B.00000002.3121303186.000000006EFE0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000000B.00000002.3121405293.000000006EFE4000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 0000000B.00000002.3121454401.000000006EFE6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Free$Alloc
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1780285237-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0,00000000), ref: 00405FF0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405B99: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\PCAppStore,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • C:\Users\user\PCAppStore, xrefs: 00401640
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\PCAppStore
                                                                                                                                                                                                                                                                                                                  • API String ID: 1892508949-1816341478
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                                                                                                                                                                                                                  • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004035F8: SetFilePointer.KERNEL32(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(12F69086,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FilePointer$CountTick
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1092082344-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8,004030A8,00422728,00000000,00000000,00000000), ref: 00405725
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 334405425-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 52f8d756bd50154f6a3dea7293860066d65bf9effb7e174b318ab9c425843f66
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1e7e134340f86907485d462c64894228b35b3344cd4f3d252167f9901203d809
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52f8d756bd50154f6a3dea7293860066d65bf9effb7e174b318ab9c425843f66
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C521C231904104FADF11AFA5CF48A9D7A70BF48354F60413BF605B91E0DBBD8A929A5D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(0385D2D8), ref: 00401C0B
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004066A5: lstrcatW.KERNEL32(get,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004066A5: lstrlenW.KERNEL32(get,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: get
                                                                                                                                                                                                                                                                                                                  • API String ID: 3292104215-4248514160
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4319b31a17754bffce461f57a5489b402a00cd847fb6eeae40cdae925115eaf0
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d74cddccbdd50a14e5bf5e3e63826a63b2a65df0fd836753f00777670cd3b466
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4319b31a17754bffce461f57a5489b402a00cd847fb6eeae40cdae925115eaf0
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5321D872904210DBDB20EFA4DEC4E5E73A4AB047157150A3BF542F72D0D6BD9C518BAD
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nsr9111.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Enum$CloseValue
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 397863658-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a2874957321bf6034ab335a01143add9f6f6121a8284cc98450072ad0413cc1f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: fdd171a53236be04b49e80cc8c25aaf428e2db1c32e81cf7e645575326a8d696
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2874957321bf6034ab335a01143add9f6f6121a8284cc98450072ad0413cc1f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61D0EBB85E45966D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,6FB5294A,00000000,6FB5510C,00000001,00000000,00000000,00000000,00000000,?,6FB51C8D), ref: 6FB523A7
                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6FB523D4
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB523DB
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileWrite$FreeGlobal
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1622085458-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f5b5df4feac7d138dced1220c72897dfd71c7e6c257fcca873af9a650652bc64
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3a4fdf35207c455ff927501c96b721810172e04d7c8f63bb18ffe529a036287a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5b5df4feac7d138dced1220c72897dfd71c7e6c257fcca873af9a650652bc64
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70F0F432042619AFDF019E85EC04FEA3BACEF04266F444061BE1896060D7759A79DBE5
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000000,00000000,00000000,00000000,?,6FB51C8D,00000000,00000000,00000000,?,?,?,6FB53F05,?,00000000), ref: 6FB5287F
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 6FB527EC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5238C: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6FB523D4
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5238C: GlobalFree.KERNEL32(00000000), ref: 6FB523DB
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 6FB52855
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5238C: WriteFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,6FB5294A,00000000,6FB5510C,00000001,00000000,00000000,00000000,00000000,?,6FB51C8D), ref: 6FB523A7
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$FileWrite$FreeGlobal
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3086006887-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e8bc53b076e297e37da8097dfda0d121064e041dec038f3cec0b8d3714f1cc8c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6687041889fbd4329aecc92effb0f775b740fd0099ec688318c37def6efe3fc9
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8bc53b076e297e37da8097dfda0d121064e041dec038f3cec0b8d3714f1cc8c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E541E4315022817BEF251E15ACC6FFF3A6CEF06719F040064F9186D191D7ADA8B5C6B6
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • C:\Users\user\PCAppStore, xrefs: 00402269
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\PCAppStore
                                                                                                                                                                                                                                                                                                                  • API String ID: 542301482-1816341478
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,00422728,?,('B,00406563,('B,00000000,?,?,get,?), ref: 004064F9
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Open
                                                                                                                                                                                                                                                                                                                  • String ID: ('B
                                                                                                                                                                                                                                                                                                                  • API String ID: 71445658-2332581011
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5036765eb4ab6e58186d81024f5778724aa2024cd81e2e1d5ca813995cf5404a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAD0123210020DBBDF115F90AD01FAB375DAB08310F018426FE06A4092D775D534A728
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nsr9111.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3356406503-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2f519eafec3af35988992028302c1fe2ffbfb85c9afca13b7af9384ace0fec36
                                                                                                                                                                                                                                                                                                                  • Instruction ID: eaee0c709954dca67eb2d1c59e66f6ca2c08a593dad46a4828cc6951ae7b5872
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f519eafec3af35988992028302c1fe2ffbfb85c9afca13b7af9384ace0fec36
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C116D71900219EBDF14DFA4DE589AE7774FF04345B20443BE401B62D0E7B88A45EB5D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                                                                                                                                                                                                                  • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,6EFF46AC,00000000), ref: 6EFF7AAF
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFF7956: GetVersionExA.KERNEL32 ref: 6EFF7975
                                                                                                                                                                                                                                                                                                                  • HeapDestroy.KERNEL32 ref: 6EFF7AEE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFF99EF: HeapAlloc.KERNEL32(00000000,00000140,6EFF7AD7,000003F8), ref: 6EFF99FC
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2507506473-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0b0c4bf53baa85aa3518a7a787bd34c7e8b8f71031b6b8344b7f6e80d99f01e9
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5b66e9732272484e7ffa9cee29bcdd8d54407b5aa16c56182666fbc64ef20189
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b0c4bf53baa85aa3518a7a787bd34c7e8b8f71031b6b8344b7f6e80d99f01e9
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9AF0E570638203DBDF506BB0486579E7A98AF45B55F110867F800C81F4FBA081C29611
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3117248813.000000000045F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3712363035-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004069C5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000003,00403113,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3117248813.000000000045D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3117248813.000000000045F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405C2A
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1375471231-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • K32GetProcessImageFileNameW.KERNEL32(00000000), ref: 6EFE2C57
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileImageNameProcess
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3017713154-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 00bda9c15578835e4233737a91834eda96b62c8e2bacb8bba14b1221fa63ceb0
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f1ec6947453a64d9ebc639f91ba425f7e0045324f6ac815338691e0d9ac4ce18
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00bda9c15578835e4233737a91834eda96b62c8e2bacb8bba14b1221fa63ceb0
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D417172510607FFEB20DFE4D865BA937BDEB85318F208826F604D7910E736B5808B91
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 0040652C
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 390987c888b9fe28ccc3a202ccefe0e129b8fdbaba7b34d45eb5723cdb444700
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1E0ECB2010109BEEF099F90EC0ADBB372DEB04704F41492EF907E4091E6B5AE70AA34
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,00000000,00000000,00411CFE,0040CEF0,00403579,0040CEF0,00411CFE,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(6EFE505C,00000004,00000040,6EFE504C), ref: 6EFE2A9D
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 18ee5e39583dacc782f3e095c9bb00505cd18e4905e7681e85cd1786641185f5
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9d36d00b34e6752a163599de0bf691ca9eea6ecc994428db2c8ea6435ccea901
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18ee5e39583dacc782f3e095c9bb00505cd18e4905e7681e85cd1786641185f5
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22F0AEB0924A82FFCBA0CF6884547293BE0BBCA314B14452AF388DA680E3757444CB91
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8,004030A8,00422728,00000000,00000000,00000000), ref: 00405725
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406AE0: GetExitCodeProcess.KERNEL32(?,?), ref: 00406B13
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2972824698-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 39558c5643c496eaffaca9d6483fe6d6b72d5b00fb47a50e88cd8089dc569f6d
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39558c5643c496eaffaca9d6483fe6d6b72d5b00fb47a50e88cd8089dc569f6d
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,6EFE12DB,?,6EFE137F,00000019,6EFE11CA,-000000A0), ref: 6EFE12C5
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AllocGlobal
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3761449716-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0a44f506a82cf6314a0befc2dd6b43bf28fcdcb49af5871904e299400f391440
                                                                                                                                                                                                                                                                                                                  • Instruction ID: cba3fe0ee9c5c5cfb043cdca182fe464b5aaf137831e78cba6ce2770c8e551f9
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a44f506a82cf6314a0befc2dd6b43bf28fcdcb49af5871904e299400f391440
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02B01270A10400FFEE808B64CC06F343654E7C1301F044010F700C0181C1606C008538
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,PreConfig,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 6FB533B5
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,Proxy,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 6FB533C5
                                                                                                                                                                                                                                                                                                                  • InternetOpenW.WININET(?,00000001,00000000,00000000,00000000), ref: 6FB53421
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000003C,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 6FB53436
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,6FB55110,Raw,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB53487
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 6FB534D7
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x), ref: 6FB534FD
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x), ref: 6FB5351F
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x), ref: 6FB53531
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x), ref: 6FB5354A
                                                                                                                                                                                                                                                                                                                  • InternetCrackUrlW.WININET(?,00000000,00000000,00000000), ref: 6FB53561
                                                                                                                                                                                                                                                                                                                  • InternetConnectW.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 6FB53582
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,6FB552F8,?,GET,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB535D4
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,?,?,GET,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB535E8
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,?,?,00000000,?,GET), ref: 6FB5361D
                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(?,0000002B,?,00000000), ref: 6FB5362C
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,?,?,00000000,?,?,00000000,?,GET), ref: 6FB53653
                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(?,0000002C,?,00000000), ref: 6FB53662
                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(?,00000041,?,00000004), ref: 6FB5368D
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,GET), ref: 6FB536B1
                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(?,0000001C,?,00000000), ref: 6FB536C0
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,?,?,00000000,?,00000000,?,?,?,?,?,?,GET), ref: 6FB536E4
                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(?,0000001D,?,00000000), ref: 6FB536F3
                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(?,00000002,?,00000004), ref: 6FB53727
                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(?,00000005,?,00000004), ref: 6FB5375B
                                                                                                                                                                                                                                                                                                                  • InternetSetOptionW.WININET(?,00000006,?,00000004), ref: 6FB5378F
                                                                                                                                                                                                                                                                                                                  • HttpOpenRequestW.WININET(?,?,?,00000000,00000000,6FB56024,84480200,00000000), ref: 6FB537B6
                                                                                                                                                                                                                                                                                                                  • HttpAddRequestHeadersW.WININET(00000000,?,000000FF,00000000), ref: 6FB5382E
                                                                                                                                                                                                                                                                                                                  • HttpAddRequestHeadersW.WININET(00000000,Accept-Encoding: gzip,deflate,000000FF,20000000), ref: 6FB53847
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,POST,?,?,?,?,?,?,?,?,00000000), ref: 6FB53855
                                                                                                                                                                                                                                                                                                                  • HttpAddRequestHeadersW.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 6FB53879
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 6FB538A2
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 6FB538AD
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,00000000), ref: 6FB538C5
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB538D5
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,6FB551A0,?,?,?,?,?,?,?,?,00000000), ref: 6FB538E1
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB538EB
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,6FB550F8,?,?,?,?,?,?,?,?,00000000), ref: 6FB538F7
                                                                                                                                                                                                                                                                                                                  • HttpAddRequestHeadersW.WININET(?,00000000,?,A0000000), ref: 6FB53907
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB5390E
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB5396C
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,Unicode,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB5399B
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB539A8
                                                                                                                                                                                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,?,00000000), ref: 6FB539B9
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB539C6
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB539E2
                                                                                                                                                                                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,?), ref: 6FB53A0D
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB53A1A
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB53A34
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB53A3D
                                                                                                                                                                                                                                                                                                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 6FB53A4A
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 6FB53A57
                                                                                                                                                                                                                                                                                                                  • InternetQueryDataAvailable.WININET(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 6FB53A81
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB53A96
                                                                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,00000000,?,?), ref: 6FB53AB5
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 6FB53B14
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB53B2F
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 6FB53B37
                                                                                                                                                                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000013,00000000,?,00000000), ref: 6FB53B5C
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB53B66
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB53B7E
                                                                                                                                                                                                                                                                                                                  • HttpQueryInfoW.WININET(00000000,00000013,00000000,?,00000000), ref: 6FB53B95
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB53BB6
                                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 6FB53BBD
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,?,?,00000000,?,?,00000000,?,?,00000000,?,00000000), ref: 6FB53BC5
                                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 6FB53BDF
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 6FB53BE7
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 6FB53BF5
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB53C0F
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB53C18
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB53C32
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB53C39
                                                                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 6FB53C42
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,nsJSON NSIS plug-in/1.0.x.x,?,?), ref: 6FB53C4A
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Internet$Global$ErrorLast$Httplstrlen$Free$OptionRequest$Alloc$lstrcmpi$Headers$CloseHandleQuerySendlstrcatlstrcpy$InfoOpen$AvailableConnectCrackDataFileRead
                                                                                                                                                                                                                                                                                                                  • String ID: Accept-Encoding: gzip,deflate$AccessType$Agent$Bypass$ConnectTimeout$Content-Type: application/json$Content-Type: application/x-www-form-urlencoded$Data$DataEncoding$Decoding$GET$Headers$HttpOpenRequest$HttpSendRequest$InternetConnect$InternetCrackUrl$InternetOpen$InternetQueryDataAvailable$InternetReadFile$JSON_SerializeAlloc$Output$POST$Params$ParamsType$Password$PreConfig$Proxy$Raw$RawOutput$ReceiveTimeout$SendTimeout$Server$StatusCode$Unicode$UnicodeOutput$Url$Username$Verb$nsJSON NSIS plug-in/1.0.x.x
                                                                                                                                                                                                                                                                                                                  • API String ID: 1670357981-3940592491
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 643f584e4be9bc7c365d3fc7ae4825ed528e652ffe0bec5dcaa8c688655bb4d0
                                                                                                                                                                                                                                                                                                                  • Instruction ID: ee00ac69534e88c81c31ee809c0791c0acf424087e00fb39cff85863a7627f9a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 643f584e4be9bc7c365d3fc7ae4825ed528e652ffe0bec5dcaa8c688655bb4d0
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB4260B1900645BFEF015FB9EC45EAF7B7DEF05219B080129F905E6240EB3DE9358AA4
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6FB52ECB
                                                                                                                                                                                                                                                                                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000,?,?,00000000), ref: 6FB52EFE
                                                                                                                                                                                                                                                                                                                  • SetHandleInformation.KERNEL32(?,00000001,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6FB52F15
                                                                                                                                                                                                                                                                                                                  • CreatePipe.KERNEL32(?,?,0000000C,00000000,?,?,00000000), ref: 6FB52F2D
                                                                                                                                                                                                                                                                                                                  • SetHandleInformation.KERNEL32(?,00000001,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6FB52F3E
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000010,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6FB52F4C
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000044,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6FB52F5F
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000), ref: 6FB52FC8
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,00000000), ref: 6FB52FE2
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 6FB5300F
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,?,00000000), ref: 6FB53014
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,6FB550EC,?,?,?,?,?,00000000), ref: 6FB53028
                                                                                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000001,08000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 6FB53095
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB530C4
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB53132
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB53140
                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB53160
                                                                                                                                                                                                                                                                                                                  • GlobalReAlloc.KERNEL32(00000000,00000002,00000042), ref: 6FB5317E
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB5318C
                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB531CD
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB531D5
                                                                                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 6FB53246
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000016,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB53254
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 6FB53269
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB53285
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6FB5328D
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB532A7
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB532B1
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB532B8
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6FB532CA
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6FB532D9
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6FB532E8
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6FB532F7
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB532FE
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Handle$Close$Alloc$Free$Create$FileInformationPipeProcessReadlstrcpylstrlen$CodeErrorExitLastwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: %lu$Arguments$DoCreateProcess$ExitCode$Input$Output$Path$RawOutput$UnicodeInput$UnicodeOutput$WorkingDir
                                                                                                                                                                                                                                                                                                                  • API String ID: 2805452489-696223222
                                                                                                                                                                                                                                                                                                                  • Opcode ID: aa4f551cab1b2212e14281bb90b8bdf0781c1789b4d1eb65a9ce160e65b32657
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e1c2bb39e7e1be2d36f5b1ce28e3035edf3cf004df97d7f3686c0b36152911dc
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa4f551cab1b2212e14281bb90b8bdf0781c1789b4d1eb65a9ce160e65b32657
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18E1EF71900689EBDF119FA5EC46F9E7BBAFF04715F084015F914AB240D739A836CBA8
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 00405867
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 00405876
                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 004058B3
                                                                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 004058BA
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405977
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 00405885
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004059C9
                                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_0000579D,00000000), ref: 004059D7
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                                                                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 00405A96
                                                                                                                                                                                                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405AAA
                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00405ACA
                                                                                                                                                                                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                                                                                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                                                                                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 00405B31
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405B47
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                                                                                                                                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                                                                                                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00405B8C
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                                                                  • String ID: H7B${
                                                                                                                                                                                                                                                                                                                  • API String ID: 590372296-2256286769
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0185fb71cb0ebac8bb253ddb79263eb6e3c4c27c477fa06c1930d1494c9be16a
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0185fb71cb0ebac8bb253ddb79263eb6e3c4c27c477fa06c1930d1494c9be16a
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00405049
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00405054
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004050B5
                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,0040563E), ref: 004050CE
                                                                                                                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                                                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040527D
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                                                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 0040546B
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00405620
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405627
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                                  • String ID: $M$N
                                                                                                                                                                                                                                                                                                                  • API String ID: 2564846305-813528018
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 950969970af6d10ef62121ad67a768569704eb6391eae900e1ce4f9d1827afee
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 950969970af6d10ef62121ad67a768569704eb6391eae900e1ce4f9d1827afee
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00404121
                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00404160
                                                                                                                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404179
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00404198
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                                                                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 0040425E
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00404268
                                                                                                                                                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00404379
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                                                                                                                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 004043AC
                                                                                                                                                                                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                                                                                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                                                                                                                                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 004043E4
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: H7B
                                                                                                                                                                                                                                                                                                                  • API String ID: 1860320154-2300413410
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2f4dad2f818047668635e16f952da299a81014d83ff1599baf972819d0fbfd0c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f4dad2f818047668635e16f952da299a81014d83ff1599baf972819d0fbfd0c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 6FB53CC1
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54182
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: lstrcpyW.KERNEL32(00000000,00000004,00000000,?,6FB54178,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54B94
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: GlobalFree.KERNEL32(00000000), ref: 6FB54BA5
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/noexpand,00000000), ref: 6FB53CF0
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB53F55
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54C09: GlobalAlloc.KERNEL32(00000040,?,00000000,?,6FB541B1,?,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54C25
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54C09: lstrcpynW.KERNEL32(00000004,?,?,6FB541B1,?,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54C3A
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 6FB53E18
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocFreelstrcmpi$lstrcpylstrcpynwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: /count$/end$/exists$/index$/isempty$/key$/keys$/noexpand$/type$JSON_Serialize$array$node$string$value$yes
                                                                                                                                                                                                                                                                                                                  • API String ID: 760165124-199274824
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b7f5b6d22ab517c37e91ef7546d702e3b725a78c3c465807a9fde34efb8130ff
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 140e69819a4bc2e3e94bbb987338309bea74ed95f6e225be171e0faae07db55e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7f5b6d22ab517c37e91ef7546d702e3b725a78c3c465807a9fde34efb8130ff
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC71E2746447C5EADB015F6DBC86E9F37BAEF0235AB1C0116F804E6340E32DE53586AA
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404835
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 00404863
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 004048FF
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 00404906
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404931
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00404985
                                                                                                                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                                                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004049A1
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: N$get
                                                                                                                                                                                                                                                                                                                  • API String ID: 3103080414-214687294
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000008,00000000,00000000,74DEF360,?,?,?,6FB545D3,6FB53C68,?,00000000,00000000), ref: 6FB52BD8
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB519D2: lstrcmpW.KERNEL32(00000000,6FB550D0,00000000,?,6FB52C02,00000000,00000000,Async,00000000,?,?,?,6FB545D3,6FB53C68,?,00000000), ref: 6FB519EB
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB519D2: lstrcmpiW.KERNEL32(00000000,false,?,6FB52C02,00000000,00000000,Async,00000000,?,?,?,6FB545D3,6FB53C68,?,00000000,00000000), ref: 6FB519FD
                                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 6FB52C11
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,6FB545D3,6FB53C68,?,00000000,00000000), ref: 6FB52C29
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 6FB52C42
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB52C5B
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB52C67
                                                                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 6FB52C96
                                                                                                                                                                                                                                                                                                                  • MsgWaitForMultipleObjectsEx.USER32(00000001,00000000,000000FF,00001DFF,00000000), ref: 6FB52CB5
                                                                                                                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 6FB52CCB
                                                                                                                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 6FB52CDF
                                                                                                                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 6FB52CE9
                                                                                                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000012,?,6FB545D3), ref: 6FB52CFC
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6FB545D3,6FB53C68,?,00000000), ref: 6FB52D0B
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: GlobalMessage$AllocCreateFreeThread$CloseDispatchHandleMultipleObjectsPeekPostTranslateWaitlstrcmplstrcmpiwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: Async$Handle$UIAsync
                                                                                                                                                                                                                                                                                                                  • API String ID: 783503903-2230738133
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3fb61660462836a3cea1a6011c81c73d0cb05e284adf685e30e65053dcfbe216
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5095e3d268ae307970f46529bcaed213065161804d67f1d9442ac631fd88e06d
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fb61660462836a3cea1a6011c81c73d0cb05e284adf685e30e65053dcfbe216
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E441F371602659BBDF105FAA9D48DEF7E3CEF46266B140019F905A2181DB3CD532C6B4
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000020,00000000,00000000,?,?,?,6FB53C5E,?,InternetOpen,00000000), ref: 6FB54670
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 6FB54685
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB546A3
                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(wininet.dll,6FB53C5E,00000400,00000000,00000000,00000000,?,?,6FB53C5E,?,InternetOpen,00000000), ref: 6FB546C7
                                                                                                                                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001300,00000000,6FB53C5E,00000400,00000000,00000000,00000000,?,?,6FB53C5E,?,InternetOpen,00000000), ref: 6FB546DB
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,6FB53C5E,?,InternetOpen,00000000,?,?,?,?,?,?,?,?,00000000), ref: 6FB546EE
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,6FB53C5E,?,InternetOpen,00000000), ref: 6FB54704
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,?,?,?,?,6FB53C5E,?,InternetOpen,00000000), ref: 6FB5471A
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(6FB53C5E,6FB551A0,?,?,?,6FB53C5E,?,InternetOpen,00000000), ref: 6FB54728
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(6FB53C5C,00000000,?,?,?,6FB53C5E,?,InternetOpen,00000000), ref: 6FB54775
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB5478D
                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,InternetOpen), ref: 6FB5479F
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Freelstrcpy$Alloc$FormatHandleLocalMessageModulelstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: %lu$ErrorCode$ErrorMessage$wininet.dll
                                                                                                                                                                                                                                                                                                                  • API String ID: 3175574836-3164087201
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b42b560642245101b2473d33c79f1309e56057f3e1510ee2de81d15da29f0192
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4b7a3bb4581d3b5057db41f073b2ded71d733dd61f39322077727edcc62d5f19
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b42b560642245101b2473d33c79f1309e56057f3e1510ee2de81d15da29f0192
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D31EC75400248FFEF118FA9EC94FAE7B78FF06759F500416FA10EB050D639A9358AA8
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404B04
                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                                                                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                                                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(get,00423748,00000000,?,?), ref: 00404C1C
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,get), ref: 00404C28
                                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C3A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004068EF: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                                                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404E71: SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: 5974062$A$C:\Users\user\PCAppStore$H7B$get
                                                                                                                                                                                                                                                                                                                  • API String ID: 2624150263-4150973191
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 667bbe0a30595837a03e9c6ce466c2f6c83f7bc5ead90454ae6c6de6e9a81711
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 667bbe0a30595837a03e9c6ce466c2f6c83f7bc5ead90454ae6c6de6e9a81711
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 004062F2
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32(?,004275E8,00000400), ref: 0040630F
                                                                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0040632D
                                                                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                                                                                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406416
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406158: GetFileAttributesW.KERNEL32(00000003,00403113,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406158: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                                                                                                                                                                                                                                                  • API String ID: 2171350718-2295842750
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 07ea5d3dd502240bf86d0c298f94c43ad2335bec49c481c59c36197298e6ebad
                                                                                                                                                                                                                                                                                                                  • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 07ea5d3dd502240bf86d0c298f94c43ad2335bec49c481c59c36197298e6ebad
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                                                                  • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00001000,00000000), ref: 6FB51D07
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00001000,00000000,?), ref: 6FB51D65
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000001,00000000), ref: 6FB51D96
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000004,true), ref: 6FB51DC1
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000004,00000001,00000000), ref: 6FB51E1D
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000001,00000000), ref: 6FB51EB9
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000001,00000000), ref: 6FB51F19
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000004), ref: 6FB51FA7
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB51FDB
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB52536: lstrlenW.KERNEL32(00000000,6FB53F05,?,6FB53F05,?,00000000,?,00000000,00000000,00000000), ref: 6FB52578
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB52536: lstrlenW.KERNEL32(?,6FB53F05,?,6FB53F05,?,00000000,?,00000000,00000000,00000000), ref: 6FB52607
                                                                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 6FB51FE6
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$Global$AllocFree$ErrorLastlstrcmpi
                                                                                                                                                                                                                                                                                                                  • String ID: []=$true
                                                                                                                                                                                                                                                                                                                  • API String ID: 462359672-2138158760
                                                                                                                                                                                                                                                                                                                  • Opcode ID: ef19a6451cd5c416b35e0bae080af36f524bdac5f06f0c02307f77d06bd12046
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 381bee71a069e988a333d4cbccc7ee06814defc69412f1a0de399b12fa0c0457
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef19a6451cd5c416b35e0bae080af36f524bdac5f06f0c02307f77d06bd12046
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1A1F9B6D0024DBBDF01DED4DC85EEFB7BCEB04305F044566A611E6140E779EA698BA0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(wininet.dll,6FB53F22,00000400,6FB53F22,00000000,00000000,00000000,00000000,?,?,?,6FB53F22,00000000,JSON_Serialize,00000000), ref: 6FB53FED
                                                                                                                                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001300,00000000,6FB53F22,00000400,6FB53F22,00000000,00000000,00000000,00000000,?,?,?,6FB53F22,00000000,JSON_Serialize,00000000), ref: 6FB5400F
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,00000000,?,?,?,6FB53F22,00000000,JSON_Serialize,00000000), ref: 6FB54023
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,00000000,?,?,?,6FB53F22,00000000,JSON_Serialize,00000000), ref: 6FB54033
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,6FB551A0,?,?,?,6FB53F22,00000000,JSON_Serialize,00000000), ref: 6FB54048
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,6FB53F22,?,?,?,6FB53F22,00000000,JSON_Serialize,00000000), ref: 6FB5408D
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 6FB540A5
                                                                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 6FB540BA
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy$FormatFreeHandleLocalMessageModulelstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: (%lu)$wininet.dll
                                                                                                                                                                                                                                                                                                                  • API String ID: 2657572252-1965091036
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8ee7cf6de54ff6363e55d85d894be03ae04a9d6f0d5fddc300ee2c8986b04c3b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0ab68b79647df1ea956a2b76c5ee54673678a24cd66f2b444170b60822f820ec
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ee7cf6de54ff6363e55d85d894be03ae04a9d6f0d5fddc300ee2c8986b04c3b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C31AC75400284EBDF118F69ECA8AAF3B6CFB0536AF680512F900D7110D778E979CBA5
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 6FB548D5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: lstrcpyW.KERNEL32(00000000,00000004,00000000,?,6FB54178,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54B94
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: GlobalFree.KERNEL32(00000000), ref: 6FB54BA5
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB549D1
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB51A11: GlobalAlloc.KERNEL32(00000040,00000010,?,?,6FB52DE0), ref: 6FB51B26
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB51A11: GlobalAlloc.KERNEL32(00000040,00000010,?,?,6FB52DE0), ref: 6FB51B4B
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB51A11: lstrlenW.KERNEL32(00000000,?,?,6FB52DE0), ref: 6FB51B63
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB51A11: GlobalAlloc.KERNEL32(00000040,00000000,?,?,6FB52DE0), ref: 6FB51B73
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB51A11: lstrcpyW.KERNEL32(?,00000000,?,?,6FB52DE0), ref: 6FB51B8D
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/timeout,00000000,?), ref: 6FB54954
                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,00000000,00000000), ref: 6FB54987
                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?), ref: 6FB549AF
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 6FB549B6
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Alloc$FreeObjectSingleWaitlstrcpy$CloseHandlelstrcmpilstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: /timeout$Handle$wait
                                                                                                                                                                                                                                                                                                                  • API String ID: 371915083-854704214
                                                                                                                                                                                                                                                                                                                  • Opcode ID: c62e5822d177e90427540b9a91e324fc20908488646801b42ab9ec531915f808
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7ecd8ef1f28590c254118f138b5999c0b488c6fbe541d4e651ffbe7afb9737bd
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c62e5822d177e90427540b9a91e324fc20908488646801b42ab9ec531915f808
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F318D72104685EE9B019FAAFC65E8F37ACFF46229B140116F9149B180EB3CE43586A9
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrcmpW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,6FB52DE0,00000000), ref: 6FB51AB1
                                                                                                                                                                                                                                                                                                                  • lstrcmpW.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,6FB52DE0), ref: 6FB51AFA
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000010,?,?,6FB52DE0), ref: 6FB51B26
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000010,?,?,6FB52DE0), ref: 6FB51B4B
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,?,?,6FB52DE0), ref: 6FB51B63
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,?,6FB52DE0), ref: 6FB51B73
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,00000000,?,?,6FB52DE0), ref: 6FB51B8D
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,?,?,6FB52DE0), ref: 6FB51BC3
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,?,6FB52DE0), ref: 6FB51BD3
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,00000000,?,?,6FB52DE0), ref: 6FB51BE2
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000002,?,?,6FB52DE0), ref: 6FB51BEE
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB51C09
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Alloc$lstrcmplstrcpylstrlen$Free
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2483198964-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e1940ef8b665985550c874a7ea7b9e7b2aa20290f4197359602644986f4e5263
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 233e7efb24e37aa3c76b6e28d104aae49ad55cce059e222933eaf4579869071b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1940ef8b665985550c874a7ea7b9e7b2aa20290f4197359602644986f4e5263
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6271DF74A00796DFDB11CF28E444B9A77B8FF05752F09856AE8599B250E738E8B0CBD0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                                  • lstrcatW.KERNEL32(00422728,004030A8,004030A8,00422728,00000000,00000000,00000000), ref: 00405725
                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004066A5: lstrcatW.KERNEL32(get,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004066A5: lstrlenW.KERNEL32(get,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                                                                                                                  • String ID: ('B
                                                                                                                                                                                                                                                                                                                  • API String ID: 1495540970-2332581011
                                                                                                                                                                                                                                                                                                                  • Opcode ID: da0887550f177a20a5adca650a80eb3065253b4758cf57a6ba66e38fd01475e6
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da0887550f177a20a5adca650a80eb3065253b4758cf57a6ba66e38fd01475e6
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,6EFF8306,?,Microsoft Visual C++ Runtime Library,00012010,?,6EFFD834,?,6EFFD884,?,?,?,Runtime Error!Program: ), ref: 6EFFB0A7
                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 6EFFB0BF
                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 6EFFB0D0
                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 6EFFB0DD
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                                  • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                                                                                                                                                                                                  • API String ID: 2238633743-4044615076
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5f4ad14269a4438edd207b06ff156d36b130a3f9a499bebe0a4b886e4186e252
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6292d38b49ea80af6f3b9228e06354bfbc9ae7dfb1ea9db303fe69e048636d7d
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f4ad14269a4438edd207b06ff156d36b130a3f9a499bebe0a4b886e4186e252
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC014431700602EF9B509FF59CA4B6A7BEC9ADA1A1700482EE611D232AE73284139F60
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • LCMapStringW.KERNEL32(00000000,00000100,6EFFD974,00000001,00000000,00000000,00000103,00000001,?,?,6EFF9751,00200020,00000000,?,?,00000000), ref: 6EFFB3A9
                                                                                                                                                                                                                                                                                                                  • LCMapStringA.KERNEL32(00000000,00000100,6EFFD970,00000001,00000000,00000000,?,6EFF9751,00200020,00000000,?,?,00000000,00000001), ref: 6EFFB3C5
                                                                                                                                                                                                                                                                                                                  • LCMapStringA.KERNEL32(?,?,00000000,00200020,6EFF9751,?,00000103,00000001,?,?,6EFF9751,00200020,00000000,?,?,00000000), ref: 6EFFB40E
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000002,00000000,00200020,00000000,00000000,00000103,00000001,?,?,6EFF9751,00200020,00000000,?,?,00000000), ref: 6EFFB446
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,6EFF9751,00200020,00000000,?,?), ref: 6EFFB49E
                                                                                                                                                                                                                                                                                                                  • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,6EFF9751,00200020,00000000,?,?), ref: 6EFFB4B4
                                                                                                                                                                                                                                                                                                                  • LCMapStringW.KERNEL32(?,?,6EFF9751,00000000,6EFF9751,?,?,6EFF9751,00200020,00000000,?,?), ref: 6EFFB4E7
                                                                                                                                                                                                                                                                                                                  • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,6EFF9751,00200020,00000000,?,?), ref: 6EFFB54F
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: String$ByteCharMultiWide
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 352835431-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: d7c442d65989841ba3c5dc97f539e8bbcfd632b5d62288db9efbb3d873966026
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f87f0a607161638dbb0b27f43ef809eee66f7954eacbfca8e812cc35f98c3141
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7c442d65989841ba3c5dc97f539e8bbcfd632b5d62288db9efbb3d873966026
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0519C3250060AEFCF128FD5CD54ADE7FB9FB49751F108919F825A2168D7368922DFA0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000002,00000000,74DEFFC0), ref: 6FB51604
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 6FB516BB
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 6FB51756
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,?), ref: 6FB517C9
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
• Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AllocGloballstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: $\u%04x$~
                                                                                                                                                                                                                                                                                                                  • API String ID: 1920656451-1521313420
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 75a2c72025a9378751fdf8254c6c8ee2182628b2d350efbf27610a7af036951a
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 642406aa9e68a1cd8021b3998211a8694e5c3507d701610658160f471fee4a43
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75a2c72025a9378751fdf8254c6c8ee2182628b2d350efbf27610a7af036951a
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26510175940385EADB004FACA9A4BBD77B0EF05700F5C421BE915DB291E3BDA6B1CB90
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 6EFF824F
                                                                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,6EFFD834,00000000,?,00000000,00000000), ref: 6EFF8325
                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000), ref: 6EFF832C
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
• Associated: 0000000B.00000002.3121482743.000000006EFF0000.00000002.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121589070.000000006EFFD000.00000002.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121640141.000000006EFFE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121681624.000000006F000000.00000008.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121752033.000000006F001000.00000004.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121797437.000000006F009000.00000004.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121844914.000000006F00C000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$HandleModuleNameWrite
                                                                                                                                                                                                                                                                                                                  • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3784150691-4022980321
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 95ea443ebf7cd04ab6919cf58186bb90547f4d0bb2c9b1d0758f83a683fd1f26
                                                                                                                                                                                                                                                                                                                  • Instruction ID: bea530a1cca3beae86eaaca867c3041ba053026267bc55728000d07e6ca91545
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95ea443ebf7cd04ab6919cf58186bb90547f4d0bb2c9b1d0758f83a683fd1f26
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE318F72A00158EFDF209AE1CCA4FDA33ADAF85714F100866F585EB164EA71A6478B52
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,6EFF46F3), ref: 6EFF8092
                                                                                                                                                                                                                                                                                                                  • GetEnvironmentStrings.KERNEL32(?,?,?,?,6EFF46F3), ref: 6EFF80A6
                                                                                                                                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,6EFF46F3), ref: 6EFF80D2
                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,6EFF46F3), ref: 6EFF810A
                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,6EFF46F3), ref: 6EFF812C
                                                                                                                                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,6EFF46F3), ref: 6EFF8145
                                                                                                                                                                                                                                                                                                                  • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,6EFF46F3), ref: 6EFF8158
                                                                                                                                                                                                                                                                                                                  • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 6EFF8196
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
• Associated: 0000000B.00000002.3121482743.000000006EFF0000.00000002.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121589070.000000006EFFD000.00000002.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121640141.000000006EFFE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121681624.000000006F000000.00000008.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121752033.000000006F001000.00000004.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121797437.000000006F009000.00000004.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121844914.000000006F00C000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1823725401-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a053deff0e92895a76d48e10892c19c4a0d93752925297ad2d260f322a3bf1a0
                                                                                                                                                                                                                                                                                                                  • Instruction ID: b1afea303c5149ebc06c81e03d946663e5a3f83ca71d201dff8e0a6f6d108f96
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a053deff0e92895a76d48e10892c19c4a0d93752925297ad2d260f322a3bf1a0
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 653108B35182D6EFEB503FFB9CE492B76EDEA863547010B29F552C3224E6618C438761
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 6FB52D5E
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 6FB52D71
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB52E28
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54182
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: lstrcpyW.KERNEL32(00000000,00000004,00000000,?,6FB54178,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54B94
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: GlobalFree.KERNEL32(00000000), ref: 6FB54BA5
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/end,00000000), ref: 6FB52DAA
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/index), ref: 6FB52DBA
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB52E21
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
• Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Freelstrcmpi$Alloc$lstrcpy
                                                                                                                                                                                                                                                                                                                  • String ID: /end$/index
                                                                                                                                                                                                                                                                                                                  • API String ID: 3216674501-41208782
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b0fbc0da65b40cae4af9bdeab03c47b56253a41c99f200c19e075d2e6da4e9cf
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4bc7250848397f2299fad2fb8e1f86160e3b0ce09769053b390f68ae9957c4da
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0fbc0da65b40cae4af9bdeab03c47b56253a41c99f200c19e075d2e6da4e9cf
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74315271601689AFDB01DF6AE884E9F3BB8EF4A365B044019F919D7240D738E935CBA4
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 6FB547E0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5414A: lstrcmpiW.KERNEL32(?,/tree,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54182
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: lstrcpyW.KERNEL32(00000000,00000004,00000000,?,6FB54178,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54B94
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: GlobalFree.KERNEL32(00000000), ref: 6FB54BA5
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/end,00000000), ref: 6FB5480A
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/index), ref: 6FB5481A
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB54882
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Globallstrcmpi$Free$Alloclstrcpy
                                                                                                                                                                                                                                                                                                                  • String ID: /end$/index$/options
                                                                                                                                                                                                                                                                                                                  • API String ID: 2166273740-1446855818
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 68404d1f0375e4b278193262cfc78292f61aa157d7c3c1f80091727c6bbaf2de
                                                                                                                                                                                                                                                                                                                  • Instruction ID: bf62b6225f6c75cd758c3f4c21d7f9f48e365a85b7a9a3a13f75a659fa13aa82
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68404d1f0375e4b278193262cfc78292f61aa157d7c3c1f80091727c6bbaf2de
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A22171715016C5EBDB009F6AA894E8B3BACFF96369B04402AFD149B200D73CD5368BA5
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 00404686
                                                                                                                                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                                                                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 004046B1
                                                                                                                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004046DB
                                                                                                                                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                                                                                                  • String ID: 9
                                                                                                                                                                                                                                                                                                                  • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6EFE25C2
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFE12CC: lstrcpynW.KERNEL32(00000000,?,6EFE137F,00000019,6EFE11CA,-000000A0), ref: 6EFE12DC
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 6EFE2548
                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6EFE2563
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                                                                                                                                                                                                  • String ID: @Hmu
                                                                                                                                                                                                                                                                                                                  • API String ID: 4216380887-887474944
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 6FB54269
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: lstrcpyW.KERNEL32(00000000,00000004,00000000,?,6FB54178,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54B94
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54B73: GlobalFree.KERNEL32(00000000), ref: 6FB54BA5
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/unicode,00000000), ref: 6FB54291
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,/always), ref: 6FB542A6
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54C09: GlobalAlloc.KERNEL32(00000040,?,00000000,?,6FB541B1,?,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54C25
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB54C09: lstrcpynW.KERNEL32(00000004,?,?,6FB541B1,?,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB54C3A
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB542FA
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB54304
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Free$Alloclstrcmpi$lstrcpylstrcpyn
                                                                                                                                                                                                                                                                                                                  • String ID: /always$/unicode
                                                                                                                                                                                                                                                                                                                  • API String ID: 3554853735-1970542336
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                                                                                                                                                                                                                  • CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                                                                                                                                                                                                                  • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                                  • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                                                  • API String ID: 589700163-4010320282
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,-#INF,?), ref: 6EFF31DB
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrcpy
                                                                                                                                                                                                                                                                                                                  • String ID: #INF$%%.%dE$%%.%de$%%.%df$%%.%dg$-#INF
                                                                                                                                                                                                                                                                                                                  • API String ID: 3722407311-405108197
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7c15b7bd8cb4d25334bd27a8b574b16cd54263e231d1dd02c2ad0c49718ea98e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9854acd1ee13d7564364e6760c3ad67775cd1e0d243d3926751d7684385f9b49
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c15b7bd8cb4d25334bd27a8b574b16cd54263e231d1dd02c2ad0c49718ea98e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 090145B2402109FBDF002BC0E97DFDA372DBF46320F004985AE912A2B0CB36525B825B
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                                                                                                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403067
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00403095
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8,004030A8,00422728,00000000,00000000,00000000), ref: 00405725
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 004030B9
                                                                                                                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00403012: MulDiv.KERNEL32(00000000,00000064,00014669), ref: 00403027
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: ... %d%%
                                                                                                                                                                                                                                                                                                                  • API String ID: 722711167-2449383134
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                                                                                                                                                                                                                                                  • GetMessagePos.USER32 ref: 00404FA2
                                                                                                                                                                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404FBC
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00402FE5
                                                                                                                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403007
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                                                                                                                  • API String ID: 1451636040-1158693248
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(00000001,6EFFD974,00000001,?,00000103,00000001,?,6EFF9751,00200020,00000000,?,?,00000000,00000001), ref: 6EFFB25D
                                                                                                                                                                                                                                                                                                                  • GetStringTypeA.KERNEL32(00000000,00000001,6EFFD970,00000001,?), ref: 6EFFB277
                                                                                                                                                                                                                                                                                                                  • GetStringTypeA.KERNEL32(?,?,?,00000000,00200020,00000103,00000001,?,6EFF9751,00200020,00000000,?,?,00000000,00000001), ref: 6EFFB2AB
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(6EFF9751,00000002,?,00000000,00000000,00000000,00000103,00000001,?,6EFF9751,00200020,00000000,?,?,00000000,00000001), ref: 6EFFB2E3
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?), ref: 6EFFB339
                                                                                                                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(?,?,00000000,?,?,?), ref: 6EFFB34B
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: StringType$ByteCharMultiWide
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3852931651-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFE12BB: GlobalAlloc.KERNEL32(00000040,?,6EFE12DB,?,6EFE137F,00000019,6EFE11CA,-000000A0), ref: 6EFE12C5
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6EFE2743
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6EFE2778
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Free$Alloc
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1780285237-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a5e57c2e2b7e3aaba877f405d4e104d58fab9b25af3fa18b852d1fc48a9fadc7
                                                                                                                                                                                                                                                                                                                  • Instruction ID: b89c4c52e496fd4d01be861db2909e3cc94f65b277c7f1deb58546e2ad72edcc
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5e57c2e2b7e3aaba877f405d4e104d58fab9b25af3fa18b852d1fc48a9fadc7
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F319E72614503FFEB259F95CCA4D7A7BBAFBC6344354492DF24183A60E732B8068B61
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(0000000C,00100000,00004000,?,?,?,?,6EFF4745,6EFF478B,?,?,?), ref: 6EFF7B33
                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(0000000C,00000000,00008000,?,?,?,?,6EFF4745,6EFF478B,?,?,?), ref: 6EFF7B3E
                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,6EFF4745,6EFF478B,?,?,?), ref: 6EFF7B4B
                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,6EFF4745,6EFF478B,?,?,?), ref: 6EFF7B67
                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000,?,?,6EFF4745,6EFF478B,?,?,?), ref: 6EFF7B88
                                                                                                                                                                                                                                                                                                                  • HeapDestroy.KERNEL32(?,?,6EFF4745,6EFF478B,?,?,?), ref: 6EFF7B9A
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Free$HeapVirtual$Destroy
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 716807051-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7ddc4110273d6e171531f7ae36cbe8440c0ac3edcbf860fbb37e5dca37aeca8f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7105bfd8a458b95adc06b86db2929d912c1f551e762be49504f2a67c9961d544
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ddc4110273d6e171531f7ae36cbe8440c0ac3edcbf860fbb37e5dca37aeca8f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C011AC31250A06EBDB219B60DC55F4AB775EB47720F210468E751A31E8C622A852EF58
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(15FF5700,00000000,?,?,?,?,?,?,?,?,6FB53ED9,00000000), ref: 6FB517E5
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,6FB53ED9,00000000), ref: 6FB517FA
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 6FB518CD
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AllocGloballstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: 0x%c%c%c%c$\
                                                                                                                                                                                                                                                                                                                  • API String ID: 983123113-737428342
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6ecba01fa60a0e61d7c484a60f4a99957409f756158ebacb19a15ea7f659ede8
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 62f4d7e7292d491253aba2cfa1c68ee237f643ebfbd515c86931cbd648f10401
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ecba01fa60a0e61d7c484a60f4a99957409f756158ebacb19a15ea7f659ede8
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8941C471A40249ABDB20CFA8E981BEEB7B4FB45315F184156E905EF240E278D9A1C7A0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetVersionExA.KERNEL32 ref: 6EFF7975
                                                                                                                                                                                                                                                                                                                  • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 6EFF79AA
                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 6EFF7A0A
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                                                                                                                                                                                                                  • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                                                                                                                                                                                                                  • API String ID: 1385375860-4131005785
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a2e7941758054040ae73910b3b9e2eda0ed7e61fd6eb5d4c04b657c7a78b89e4
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d8cedb716e1f150553731b93666758562f8dd8eda4b891cea9d5ec17e64f7955
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2e7941758054040ae73910b3b9e2eda0ed7e61fd6eb5d4c04b657c7a78b89e4
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E31D171875249EBEB618AF05CB0BDDB76C9F06708F5008DAE184D61F1E6218B97CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00404F1B
                                                                                                                                                                                                                                                                                                                  • SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                                  • String ID: %u.%u%s%s$H7B
                                                                                                                                                                                                                                                                                                                  • API String ID: 3540041739-107966168
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FreeGlobal
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2979337801-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetStartupInfoA.KERNEL32(?), ref: 6EFF7BFC
                                                                                                                                                                                                                                                                                                                  • GetFileType.KERNEL32(00000800), ref: 6EFF7CA2
                                                                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(-000000F6), ref: 6EFF7CFB
                                                                                                                                                                                                                                                                                                                  • GetFileType.KERNEL32(00000000), ref: 6EFF7D09
                                                                                                                                                                                                                                                                                                                  • SetHandleCount.KERNEL32 ref: 6EFF7D40
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileHandleType$CountInfoStartup
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1710529072-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000800,?,00000004,?,?,?,6FB51E4C,00000004,00000800,00000000), ref: 6FB5131D
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,-00000002,?,?,?,6FB51E4C,00000004,00000800,00000000), ref: 6FB5132C
                                                                                                                                                                                                                                                                                                                  • IsCharAlphaNumericW.USER32(?,00000000,?,?,?,6FB51E4C,00000004,00000800,00000000), ref: 6FB51351
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,00000000,?,?,?,6FB51E4C,00000004,00000800,00000000), ref: 6FB513C0
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB513E9
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Globallstrlen$AllocAlphaCharFreeNumeric
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2254421552-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1354259210-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                                                                                                                  • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000000,00000000,00000000), ref: 6FB54A00
                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,00000000), ref: 6FB54A0F
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,00000000), ref: 6FB54A1A
                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000), ref: 6FB54A4A
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB54A51
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileWritelstrlen$FreeGlobal
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3525607692-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: d9ce685f0c07d51bd6501bf21b3a7b4a1b24a529ba0d2db07c0d67e3bb990e3b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1db407906382571f771a6f06aedc34549add9edc52d34d1461f1e7407f437c5f
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9ce685f0c07d51bd6501bf21b3a7b4a1b24a529ba0d2db07c0d67e3bb990e3b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D014431400608EFDF118F94DC09FEA3BA8FF01325F184125B92AA6110D7B9AA368BD8
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004066A5: lstrcatW.KERNEL32(get,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 004066A5: lstrlenW.KERNEL32(get,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2584051700-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e128970cf71a0b284ce18b21917758e509e5717976d06807f88455f58f814df6
                                                                                                                                                                                                                                                                                                                  • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e128970cf71a0b284ce18b21917758e509e5717976d06807f88455f58f814df6
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6EFE22D8,?,00000808), ref: 6EFE16D5
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6EFE22D8,?,00000808), ref: 6EFE16DC
                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6EFE22D8,?,00000808), ref: 6EFE16F0
                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6EFE22D8,00000000), ref: 6EFE16F7
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6EFE1700
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121354560.000000006EFE1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6EFE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121303186.000000006EFE0000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121405293.000000006EFE4000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121454401.000000006EFE6000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6efe0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1148316912-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: ed443fb8b3afb51adb98a1d65913b6e6c32f4c1dc02447bd3bd8b60c72e7feca
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0d024c2db4b499a6dbd8ee46e081ff404b8e213a082bb547a3eb47b22dd2a640
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed443fb8b3afb51adb98a1d65913b6e6c32f4c1dc02447bd3bd8b60c72e7feca
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CF01C722165387BDA2016A78C4CDABBE9CDFCB2F5B110225F7289229086615C02DBF1
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,JSON,?,00000000,?,?,00000000,?,?,?,?,?,?,00000000), ref: 6FB53F9D
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,Raw,?,?,00000000,?,?,?,?,?,?,00000000,?,?,00000000), ref: 6FB53FB0
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                                                  • String ID: DataType$JSON$Raw
                                                                                                                                                                                                                                                                                                                  • API String ID: 1586166983-3390691770
                                                                                                                                                                                                                                                                                                                  • Opcode ID: da27e854feaa4fadac0f2cf5056a3f1a6bb5b527f583f3bfdd66cbd947ff91a0
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 154fce3918dd09fac4f769a50ad9a7053c4f0b649cdacf93d653e140eea9ae13
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da27e854feaa4fadac0f2cf5056a3f1a6bb5b527f583f3bfdd66cbd947ff91a0
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63E01A725596953ACA102E7DBC06F9B3F588F0256EB2C0210F91AEA285E62DA476049D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
Similarity
• API ID: MessageSend$Timeout
• String ID: !
• API String ID: 1777923405-2657877971
• Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
• Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
• Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
• Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
APIs
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,get,?,?,0040679D,80000002), ref: 0040657C
• RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,get,get,get,00000000,00422728), ref: 00406587
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
Similarity
• API ID: CloseQueryValue
• String ID: ('B$get
• API String ID: 3356406503-1955485993
• Opcode ID: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
• Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
• Opcode Fuzzy Hash: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
• Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
APIs
• lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
• CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
• lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
Memory Dump Source
• Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
Similarity
• API ID: CharPrevlstrcatlstrlen
• String ID: C:\Users\user\AppData\Local\Temp\
• API String ID: 2659869361-3081826266
• Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
• Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
• Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
• Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
APIs
• GetModuleHandleA.KERNEL32(KERNEL32,6EFF4228), ref: 6EFF6AC1
• GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 6EFF6AD1
Strings
Memory Dump Source
• Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                                  • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                                                                                                                                  • API String ID: 1646373207-3105848591
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00002020,6EFFEBB0,6EFFEBB0,?,?,6EFFA70C,00000020,00000010,00000000,00000000,00000000,?,6EFFA8F1,00000010,?), ref: 6EFFA261
                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,6EFFA70C,00000020,00000010,00000000,00000000,00000000,?,6EFFA8F1,00000010,?), ref: 6EFFA285
                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,6EFFA70C,00000020,00000010,00000000,00000000,00000000,?,6EFFA8F1,00000010,?), ref: 6EFFA29F
                                                                                                                                                                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,6EFFA70C,00000020,00000010,00000000,00000000,00000000,?,6EFFA8F1,00000010,?,6EFFA886), ref: 6EFFA360
                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,6EFFA70C,00000020,00000010,00000000,00000000,00000000,?,6EFFA8F1,00000010,?,6EFFA886,000000E0), ref: 6EFFA377
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AllocVirtual$FreeHeap
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 714016831-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(00000000,00000000,00000000,?,?,6FB541D0,00000000,?,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000), ref: 6FB52B59
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000C,00000000,?,6FB541D0,00000000,?,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB52B7A
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,?,6FB541D0,00000000,?,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB52B7F
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,6FB541D0,00000000,?,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB52B8F
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,00000000,?,6FB541D0,00000000,?,?,00000000,00000000,00000000,?,6FB52D8C,00000000,00000000,00000000), ref: 6FB52B95
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AllocGlobal$lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3653182775-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,00000002,?,?), ref: 6EFF9166
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,00000000,?,00001000,00001000), ref: 6EFF19DF
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 6EFF19E5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFF32B1: GlobalAlloc.KERNEL32(00000040,00000010,?,?,?,00000002,6EFF1806,00000400,?,00000000), ref: 6EFF32CE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFF32B1: GlobalAlloc.KERNEL32(00000040,00000010,?,00000002,6EFF1806,00000400,?,00000000), ref: 6EFF32DC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFF32B1: GlobalAlloc.KERNEL32(00000040,00000400,?,00000002,6EFF1806,00000400,?,00000000), ref: 6EFF32EB
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6EFF3295: GlobalAlloc.KERNEL32(00000040,00000010,6EFF1084,?,?,?,00000000,6EFF114D,?,?,?,00000000,6EFF1010,00000000,?,?), ref: 6EFF3299
                                                                                                                                                                                                                                                                                                                  • __ftol.LIBCMT ref: 6EFF1A4A
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6EFF1A6E
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$Alloc$lstrlen$Free__ftol
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 971515049-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 91e95bb4d61bf8f7a405d01cb4a9cfbdd26832ea4000c306461eebc0cf315131
                                                                                                                                                                                                                                                                                                                  • Instruction ID: c3a661470960918eb2d49165698a343d464adb538552749d6a5b2428b0405b38
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91e95bb4d61bf8f7a405d01cb4a9cfbdd26832ea4000c306461eebc0cf315131
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F418EB1904205DFDB14DFD9C4A0AAAB7F8EF49314F20846EE55997322DB31A946CF90
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr9111.tmp\inetc.dll), ref: 00402695
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsr9111.tmp$C:\Users\user\AppData\Local\Temp\nsr9111.tmp\inetc.dll
                                                                                                                                                                                                                                                                                                                  • API String ID: 1659193697-3660361044
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9a86cc41fb3ba1d07c106fca7ec167276fc7dee72b5d11bed2732143b2a4cd05
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f1e3379d491753f9d96dc3c217618d2e64da59e9cc8309568291ba5d2d488428
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a86cc41fb3ba1d07c106fca7ec167276fc7dee72b5d11bed2732143b2a4cd05
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D511C472A00205EBCB10BBB18E4AA9E76619F44758F21483FE402B61C1DAFD8891965F
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000200,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,6FB523BE,00000000,?,00000000), ref: 6FB5194F
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000001,?,6FB523BE,00000000,?,00000000,00000000,?,6FB5294A,00000000,6FB5510C,00000001,00000000,00000000,00000000), ref: 6FB51961
                                                                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000200,00000000,00000000,00000000,00000000,00000000,00000000,?,6FB523BE,00000000,?,00000000,00000000,?,6FB5294A), ref: 6FB51980
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB51991
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharGlobalMultiWide$AllocFree
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2244543456-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 46d33cf9d2ba3954c8c06801fbc16a5e674f0676f32209979a5a522de7615819
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 268699c385619766184798c11607757e993a27471415d9253306a06ad65f54c3
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46d33cf9d2ba3954c8c06801fbc16a5e674f0676f32209979a5a522de7615819
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA01AD35200B15BBEB010F5ACC48FAB7F6DFF4A765F040020FA08CA190C635E8318AA4
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(000002E8,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\nsr9111.tmp, xrefs: 00403C5B
                                                                                                                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsr9111.tmp
                                                                                                                                                                                                                                                                                                                  • API String ID: 2962429428-2017108948
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                                                                                                                                                                                                                  • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 6EFF3722
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                  • String ID: pow
                                                                                                                                                                                                                                                                                                                  • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b387e908960558455f336ec90fc9a57bb30b46b68ca1339870e185ccbb368ab9
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4c7589b1babddfa56d01b660ec21078908a811826145af1ae88ee429dbe1be4b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b387e908960558455f336ec90fc9a57bb30b46b68ca1339870e185ccbb368ab9
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21515AE2D3D102CBCB417798C93439D3BA89B41715F518D69F499862BCEF35C4978A83
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(?,00000000), ref: 6EFFABD2
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Info
                                                                                                                                                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                                                                                                                                                  • API String ID: 1807457897-3032137957
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 70baff4cd60f5e877b3dead7e36dffd7b98d06fda3691377eb9b6b87fcd0e907
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 513c9d0017f66421dce975c6e917325293fd94f6626ab84826edfeea62dc03b4
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70baff4cd60f5e877b3dead7e36dffd7b98d06fda3691377eb9b6b87fcd0e907
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7417D31104A9C9FEB069BA4CD75BEB7FEDAB03704F2004E5D584D7262C7258545C762
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0,00000000), ref: 00405FF0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0,00000000), ref: 00406098
                                                                                                                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,74DF3420,?,74DF2EE0,00405D94,?,74DF3420,74DF2EE0), ref: 004060A8
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: P_B
                                                                                                                                                                                                                                                                                                                  • API String ID: 3248276644-906794629
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                                                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp,0040313C,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,80000000,00000003), ref: 00405F89
                                                                                                                                                                                                                                                                                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp,0040313C,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,C:\Users\user\AppData\Local\Temp\nsr7B99.tmp,80000000,00000003), ref: 00405F99
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • C:\Users\user\AppData\Local\Temp, xrefs: 00405F83
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                                                                                                  • API String ID: 2709904686-47812868
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000,6FB53F05,?,6FB53F05,?,00000000,?,00000000,00000000,00000000), ref: 6FB52578
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,6FB53F05,?,00000000,00000000,00000000,?,6FB51CC7,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6FB52642
                                                                                                                                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,6FB53F05,?,6FB53F05,?,00000000,?,00000000,00000000,00000000), ref: 6FB52607
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5229E: GlobalReAlloc.KERNEL32(00000000,?,00000042), ref: 6FB522D4
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5229E: GetLastError.KERNEL32(?,?,6FB52754,00000000,00000000,00000000,6FB5510C,00000001,6FB53F05,?,00000000,00000000,00000000,?,6FB51CC7,00000000), ref: 6FB522DE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5229E: GlobalFree.KERNEL32(00000000), ref: 6FB522EB
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 6FB5229E: lstrcpyW.KERNEL32(?,00000000,00000000,00000000,?,?,?,6FB52754,00000000,00000000,00000000,6FB5510C,00000001,6FB53F05,?,00000000), ref: 6FB52319
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,6FB55110,00000000,00000000,00000000,?,6FB51CC7,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6FB527AF
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$Globallstrcpy$AllocErrorFreeLast
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2385761697-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrcmpW.KERNEL32(6FB55050,?,00000000,?,00000000,?,6FB521C4,6FB5487C,00000000,?,00000000,00000000,00000000,?,?,6FB5487C), ref: 6FB529D4
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(6FB55050,?,00000000,?,00000000,?,6FB521C4,6FB5487C,00000000,?,00000000,00000000,00000000,?,?,6FB5487C), ref: 6FB529DC
                                                                                                                                                                                                                                                                                                                  • lstrcmpW.KERNEL32(75FF855B,?,00000000,?,00000000,?,6FB521C4,6FB5487C,00000000,?,00000000,00000000,00000000,?,?,6FB5487C), ref: 6FB52A2A
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(75FF855B,?,00000000,?,00000000,?,6FB521C4,6FB5487C,00000000,?,00000000,00000000,00000000,?,?,6FB5487C), ref: 6FB52A38
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
• Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrcmplstrcmpi
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3524194181-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1eb0f91a92f3e34e4742aeaf8c9cf152e50afb8ceb8337ef213b186f1aa07145
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5e56f6b051c1986d3553d8280105ff555dbfeb0c1153041eb62387e389db9687
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1eb0f91a92f3e34e4742aeaf8c9cf152e50afb8ceb8337ef213b186f1aa07145
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F31F232242380DFDB168EA8E945BD637E5FF44760F294025E9588B2B1D73DE872CB90
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GlobalReAlloc.KERNEL32(00000000,?,00000042), ref: 6FB522D4
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,6FB52754,00000000,00000000,00000000,6FB5510C,00000001,6FB53F05,?,00000000,00000000,00000000,?,6FB51CC7,00000000), ref: 6FB522DE
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB522EB
                                                                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,00000000,00000000,00000000,?,?,?,6FB52754,00000000,00000000,00000000,6FB5510C,00000001,6FB53F05,?,00000000), ref: 6FB52319
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
• Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Global$AllocErrorFreeLastlstrcpy
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 213496960-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: cd78fd34f90d19b8345170b40337c96772313cfe36b71d1451a9efa85dcebc96
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 247304bd831d6bd059123eeb2b7403bae7996479baa5e0e595038ec324c0de27
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd78fd34f90d19b8345170b40337c96772313cfe36b71d1451a9efa85dcebc96
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 483157392012868FDB05DF19E480AAAB3B5FF49311B6000ADED95C7210D739E872CB90
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,6FB5602C,00000000,00000000,00000000,?,?,6FB52E0D,6FB5602C,00000000,00000000), ref: 6FB52AA9
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB52ADA
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB52AE1
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FB52AE4
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
• Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FreeGlobal$lstrcmpi
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2789208084-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: dbfb03ca849b5aab523e867a4fe7b0ac9f98a80a223ed4c8351185c76d1842f1
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 03017e13fa789ed4bf55d3675b7237c2bceafcc7ca9e81fca49b3142fdad8944
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbfb03ca849b5aab523e867a4fe7b0ac9f98a80a223ed4c8351185c76d1842f1
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC11C035A02A55EFDB20CF98D880A9AB7A8FF08761B10406AFC149B300D778FD20CBD0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(00000000,00000050,00000020,00000000,6EFF9E5C,00000020,?,00000000,?,6EFF4652,?,?), ref: 6EFFA0BC
                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000008,000041C4,00000020,00000000,6EFF9E5C,00000020,?,00000000,?,6EFF4652,?,?), ref: 6EFFA0F0
                                                                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 6EFFA10A
                                                                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 6EFFA121
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121529695.000000006EFF1000.00000020.00000001.01000000.00000011.sdmp, Offset: 6EFF0000, based on PE: true
• Associated: 0000000B.00000002.3121482743.000000006EFF0000.00000002.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121589070.000000006EFFD000.00000002.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121640141.000000006EFFE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121681624.000000006F000000.00000008.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121752033.000000006F001000.00000004.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121797437.000000006F009000.00000004.00000001.01000000.00000011.sdmp
• Associated: 0000000B.00000002.3121844914.000000006F00C000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6eff0000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AllocHeap$FreeVirtual
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3499195154-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7108d7366bc4c58baf6e9c43df0fc6428d141de633b0ed47cfac81bd26a550aa
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a71eb434bf993cc20e497e5f7d6a9667348f09d57baacbe1d8e7ee72601f3a0b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7108d7366bc4c58baf6e9c43df0fc6428d141de633b0ed47cfac81bd26a550aa
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE118F70204E01EFDB209F69CC55E5A7BF6FB873347604A1DE162C22A4C3719462EF10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000002,00000002,6FB524FE,00000000,00000000,00000000,00000002,74DEF360,?,6FB524FE,00000002,00000002), ref: 6FB52210
                                                                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,6FB524FE,00000002,00000002), ref: 6FB52226
                                                                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000002,00000002,6FB524FE,00000000,00000000,?,?,6FB524FE,00000002,00000002), ref: 6FB5223D
                                                                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FB5224E
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3121957134.000000006FB51000.00000020.00000001.01000000.00000012.sdmp, Offset: 6FB50000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3121909200.000000006FB50000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122021784.000000006FB55000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3122082427.000000006FB57000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_6fb50000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharGlobalMultiWide$AllocFree
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2244543456-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6d6423fb2ada2279bfeb948b6c9875ebb1c5da4bed0310ccd3efc045db64651f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 23e99b21cd7cbadeee9afd48f6568501485d9e2a7d49c8ab683ef61b1edb9e40
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d6423fb2ada2279bfeb948b6c9875ebb1c5da4bed0310ccd3efc045db64651f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07F04F35241650BBEB111FAA9C49F9B7BACEF8A765F444010FA08CA150D679D826CAA4
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                                                                                                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004060E5
                                                                                                                                                                                                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.3116855936.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116825906.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116905887.0000000000408000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116932743.000000000040A000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116932743.0000000000427000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116932743.000000000042B000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116932743.000000000042F000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116932743.0000000000433000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116932743.0000000000435000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116932743.0000000000454000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3116932743.0000000000457000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3117248813.000000000045D000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000B.00000002.3117248813.000000000045F000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_400000_nsr7B99.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798

                                                                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                                                                  Execution Coverage:2.1%
                                                                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                  Signature Coverage:0.7%
                                                                                                                                                                                                                                                                                                                  Total number of Nodes:752
                                                                                                                                                                                                                                                                                                                  Total number of Limit Nodes:48
Concurrency::details::WorkQueue::IsStructuredEmpty 69935->69944 69937 7ff751abe507 WaitForSingleObject 69937->69936 69937->69944 69938 7ff751aa1c10 38 API calls unique_lock 69938->69944 69940 7ff751aae5c0 ReleaseSRWLockExclusive Concurrency::details::WorkQueue::IsStructuredEmpty 69940->69944 69944->69937 69944->69938 69944->69940 69945 7ff751abe080 69944->69945 69958 7ff751abf080 69944->69958 69986 7ff751abee70 RtlFreeHeap 69944->69986 69987 7ff751abe1f0 RtlFreeHeap SafeRWList 69944->69987 69946 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 69945->69946 69947 7ff751abe0aa 69946->69947 69948 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 69947->69948 69949 7ff751abe0cf 69948->69949 69950 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 69949->69950 69951 7ff751abe0f4 69950->69951 69952 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 69951->69952 69953 7ff751abe119 69952->69953 69954 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 69953->69954 69955 7ff751abe13e 69954->69955 69956 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 69955->69956 69957 7ff751abe163 69956->69957 69957->69944 69959 7ff751abf0c1 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores std::ios_base::good 69958->69959 69982 7ff751abf160 69958->69982 69960 7ff751abf11c WinHttpConnect 69959->69960 69961 7ff751abf167 69960->69961 69962 7ff751a5f6f0 SafeRWList 23 API calls 69961->69962 69961->69982 69963 7ff751abf17d GetTickCount64 69962->69963 69964 7ff751abf4c6 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores std::ios_base::good 69963->69964 69988 7ff751a76d20 69964->69988 69966 7ff751abf597 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 69967 7ff751abf5a2 WinHttpOpenRequest 69966->69967 69968 7ff751abf5e1 WinHttpSetTimeouts 69967->69968 69969 7ff751abf64c 69967->69969 69968->69969 69970 
7ff751abf609 69968->69970 69971 7ff751a66cc0 SafeRWList RtlFreeHeap 69969->69971 69972 7ff751abf611 WinHttpCloseHandle 69970->69972 69973 7ff751abf61d 69970->69973 69974 7ff751abf656 69971->69974 69972->69973 69975 7ff751abf631 69973->69975 69976 7ff751abf625 WinHttpCloseHandle 69973->69976 69977 7ff751abf695 69974->69977 69978 7ff751abf665 WinHttpSendRequest 69974->69978 69979 7ff751a66cc0 SafeRWList RtlFreeHeap 69975->69979 69976->69975 69980 7ff751abf6ad 69977->69980 69981 7ff751abf69c WinHttpReceiveResponse 69977->69981 69978->69977 69979->69982 69983 7ff751abf6c1 69980->69983 69984 7ff751abf6b5 WinHttpCloseHandle 69980->69984 69981->69980 69982->69944 69983->69982 69985 7ff751abf6c9 WinHttpCloseHandle 69983->69985 69984->69983 69985->69982 69986->69944 69987->69944 69991 7ff751a76df0 69988->69991 69992 7ff751a76e0b 69991->69992 69993 7ff751a76e15 69991->69993 70030 7ff751a74c90 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task atomic 69992->70030 70011 7ff751a770c0 69993->70011 70000 7ff751a76e3a 70015 7ff751a77290 70000->70015 70003 7ff751a76fe0 strrchr 15 API calls 70004 7ff751a76e66 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70003->70004 70026 7ff751a76d70 70004->70026 70007 7ff751a77b50 UnDecorator::getVbTableType 2 API calls 70008 7ff751a76ea1 70007->70008 70009 7ff751a66cc0 SafeRWList RtlFreeHeap 70008->70009 70010 7ff751a76d56 70009->70010 70010->69966 70012 7ff751a770d3 _vswprintf_s_l 70011->70012 70032 7ff751c5b58c 70012->70032 70016 7ff751a772a3 SafeRWList 70015->70016 70017 7ff751a770b0 SafeRWList 21 API calls 70016->70017 70018 7ff751a76e45 70016->70018 70017->70018 70019 7ff751a5f690 70018->70019 70020 7ff751a5f350 SafeRWList 2 API calls 70019->70020 70021 7ff751a5f6b2 70020->70021 70022 7ff751a74d00 SafeRWList 22 API calls 70021->70022 70023 7ff751a5f6c2 70022->70023 70024 7ff751a5f6d8 70023->70024 70059 7ff751a69e00 15 API calls UnDecorator::getVbTableType 70023->70059 70024->70003 70027 7ff751a76d8d 
_vswprintf_s_l 70026->70027 70060 7ff751c5b7e8 70027->70060 70029 7ff751a76dbe 70029->70007 70030->69993 70031 7ff751a74c90 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task atomic 70031->70000 70034 7ff751c5b5e6 70032->70034 70033 7ff751c5b728 70056 7ff751c6b27c 11 API calls 2 library calls 70033->70056 70034->70033 70037 7ff751c5b60b 70034->70037 70039 7ff751c5b74e 70034->70039 70040 7ff751c5b6fd 70034->70040 70043 7ff751c5b6f4 70034->70043 70045 7ff751c4d720 70037->70045 70039->70033 70041 7ff751c5b758 70039->70041 70054 7ff751c6b27c 11 API calls 2 library calls 70040->70054 70055 7ff751c6b27c 11 API calls 2 library calls 70041->70055 70043->70033 70043->70040 70046 7ff751c4d729 70045->70046 70047 7ff751a76e25 70046->70047 70048 7ff751c4df44 IsProcessorFeaturePresent 70046->70048 70047->70000 70047->70031 70049 7ff751c4df5c 70048->70049 70057 7ff751c4e13c RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 70049->70057 70051 7ff751c4df6f 70058 7ff751c4df10 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 70051->70058 70054->70037 70055->70037 70056->70037 70057->70051 70059->70024 70061 7ff751c5b821 70060->70061 70063 7ff751c5b864 70061->70063 70064 7ff751c55f88 19 API calls 2 library calls 70061->70064 70063->70029 70064->70063 70065 7ff751af5130 70083 7ff751a53ae0 70065->70083 70067 7ff751af515a RegCreateKeyW 70068 7ff751af5175 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70067->70068 70069 7ff751af5214 70067->70069 70072 7ff751af517f RegQueryValueExW 70068->70072 70070 7ff751a66cc0 SafeRWList RtlFreeHeap 70069->70070 70071 7ff751af5223 70070->70071 70073 7ff751a66cc0 SafeRWList RtlFreeHeap 70071->70073 70074 7ff751af51bc RegCloseKey 70072->70074 70075 7ff751af51e8 RegCloseKey 70072->70075 70082 7ff751af51e1 70073->70082 70076 7ff751a66cc0 SafeRWList RtlFreeHeap 70074->70076 70077 7ff751a66cc0 SafeRWList RtlFreeHeap 70075->70077 70078 7ff751af51d7 70076->70078 70079 
7ff751af5203 70077->70079 70080 7ff751a66cc0 SafeRWList RtlFreeHeap 70078->70080 70081 7ff751a66cc0 SafeRWList RtlFreeHeap 70079->70081 70080->70082 70081->70082 70083->70067 70084 7ff751b113e0 70085 7ff751b113f7 Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack 70084->70085 70098 7ff751b10580 70085->70098 70087 7ff751b11402 70088 7ff751b11409 70087->70088 70092 7ff751b11422 HandleT Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock 70087->70092 70153 7ff751a68c50 18 API calls 70088->70153 70090 7ff751b11418 70091 7ff751b114ad 70156 7ff751a68c50 18 API calls 70091->70156 70092->70091 70093 7ff751b1147e 70092->70093 70154 7ff751a69d40 15 API calls UnDecorator::getVbTableType 70093->70154 70096 7ff751b11494 70155 7ff751a68c50 18 API calls 70096->70155 70157 7ff751c4d680 70098->70157 70100 7ff751b10735 70101 7ff751b10769 OpenProcess 70100->70101 70102 7ff751b105e8 std::_Throw_Cpp_error 70100->70102 70101->70102 70103 7ff751b107a3 70101->70103 70102->70087 70104 7ff751a5f6f0 SafeRWList 23 API calls 70103->70104 70105 7ff751b107ad 70104->70105 70161 7ff751b0fe20 70105->70161 70107 7ff751b10712 K32EnumProcesses 70107->70102 70112 7ff751b105cb std::_Throw_Cpp_error 70107->70112 70108 7ff751b107d4 std::error_category::equivalent 70110 7ff751b107e9 QueryFullProcessImageNameW 70108->70110 70109 7ff751c4d680 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 70109->70112 70168 7ff751b10040 70110->70168 70112->70100 70112->70102 70112->70107 70112->70109 70113 7ff751b1080e Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70114 7ff751b10819 PathFindFileNameW 70113->70114 70115 7ff751a5f5f0 SafeRWList 32 API calls 70114->70115 70116 7ff751b10832 70115->70116 70117 7ff751a5f6f0 SafeRWList 23 API calls 70116->70117 70118 7ff751b10840 70117->70118 70119 7ff751a5f6f0 SafeRWList 23 API calls 70118->70119 70120 7ff751b1084e 70119->70120 70171 7ff751b10ca0 70120->70171 70123 7ff751a5f4d0 
Concurrency::details::SchedulerBase::GetPolicy 13 API calls 70124 7ff751b1087b 70123->70124 70190 7ff751a775c0 44 API calls 3 library calls 70124->70190 70126 7ff751b10896 70127 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 70126->70127 70128 7ff751b108a6 70127->70128 70191 7ff751af0340 24 API calls 4 library calls 70128->70191 70130 7ff751b108bb 70131 7ff751a76d20 40 API calls 70130->70131 70132 7ff751b108cf 70131->70132 70192 7ff751b0ff70 13 API calls Concurrency::details::SchedulerBase::GetPolicy 70132->70192 70134 7ff751b10913 SafeRWList 70193 7ff751b0fd20 RtlPcToFileHeader RaiseException codecvt SafeRWList 70134->70193 70136 7ff751b10979 SafeRWList Concurrency::details::HardwareAffinity::operator!= 70137 7ff751b109ba 70136->70137 70138 7ff751b109d0 CloseHandle 70136->70138 70194 7ff751b113b0 33 API calls 70137->70194 70195 7ff751a69100 RtlFreeHeap SafeRWList 70138->70195 70141 7ff751b109cf 70141->70138 70142 7ff751b109ec 70143 7ff751a66cc0 SafeRWList RtlFreeHeap 70142->70143 70144 7ff751b109f7 70143->70144 70145 7ff751a66cc0 SafeRWList RtlFreeHeap 70144->70145 70146 7ff751b10a05 70145->70146 70147 7ff751a66cc0 SafeRWList RtlFreeHeap 70146->70147 70148 7ff751b10a13 70147->70148 70149 7ff751a66cc0 SafeRWList RtlFreeHeap 70148->70149 70150 7ff751b10a21 70149->70150 70151 7ff751a66cc0 SafeRWList RtlFreeHeap 70150->70151 70152 7ff751b10a2c 70151->70152 70152->70102 70153->70090 70154->70096 70155->70090 70156->70090 70158 7ff751c4d66c 70157->70158 70196 7ff751c4d228 70158->70196 70162 7ff751b0fe5d 70161->70162 70163 7ff751b0feac 70162->70163 70164 7ff751b0fe86 70162->70164 70166 7ff751a76fe0 strrchr 15 API calls 70163->70166 70212 7ff751a77050 15 API calls 2 library calls 70164->70212 70167 7ff751b0fea1 70166->70167 70167->70108 70213 7ff751add3d0 70168->70213 70172 7ff751b10cc3 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70171->70172 70173 7ff751b10d0a GlobalAlloc 70172->70173 70174 7ff751b10cdb 70172->70174 70175 
7ff751b10869 70173->70175 70179 7ff751b10d2c Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70173->70179 70217 7ff751a69e00 15 API calls UnDecorator::getVbTableType 70174->70217 70175->70123 70177 7ff751b10cef 70218 7ff751a69e00 15 API calls UnDecorator::getVbTableType 70177->70218 70180 7ff751b10d8e VerQueryValueW 70179->70180 70181 7ff751b10e90 GlobalFree 70180->70181 70182 7ff751b10db1 wsprintfW wsprintfW VerQueryValueW 70180->70182 70181->70175 70183 7ff751b10e4a 70182->70183 70184 7ff751b10e5d VerQueryValueW 70182->70184 70219 7ff751a69e00 15 API calls UnDecorator::getVbTableType 70183->70219 70184->70181 70186 7ff751b10e7d 70184->70186 70220 7ff751a69e00 15 API calls UnDecorator::getVbTableType 70186->70220 70188 7ff751b10e5c 70188->70184 70189 7ff751b10e8f 70189->70181 70190->70126 70191->70130 70192->70134 70193->70136 70194->70141 70195->70142 70197 7ff751c4d233 70196->70197 70198 7ff751c4d24c 70197->70198 70200 7ff751c4d252 70197->70200 70205 7ff751c6a51c EnterCriticalSection LeaveCriticalSection std::ios_base::_Init 70197->70205 70198->70112 70201 7ff751c4d25d 70200->70201 70206 7ff751c2b830 70200->70206 70210 7ff751c4dee0 RtlPcToFileHeader RaiseException stdext::threads::lock_error::lock_error Concurrency::cancel_current_task 70201->70210 70204 7ff751c4d263 70205->70197 70207 7ff751c2b83e std::bad_alloc::bad_alloc 70206->70207 70211 7ff751c4e4a4 RtlPcToFileHeader RaiseException 70207->70211 70209 7ff751c2b84f 70210->70204 70211->70209 70212->70167 70216 7ff751add3e4 UnDecorator::getVbTableType 70213->70216 70214 7ff751a794d0 UnDecorator::getVbTableType 2 API calls 70215 7ff751add41c 70214->70215 70215->70113 70216->70214 70217->70177 70218->70175 70219->70188 70220->70189 70221 7ff751a41a30 70222 7ff751a620a0 _Mpunct 32 API calls 70221->70222 70223 7ff751a41a4f 70222->70223 70224 7ff751abcf20 SafeRWList 61 API calls 70223->70224 70225 7ff751a41a63 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70224->70225 70226 
7ff751a620a0 _Mpunct 32 API calls 70225->70226 70227 7ff751a41a8b 70226->70227 70228 7ff751a66cc0 SafeRWList RtlFreeHeap 70227->70228 70229 7ff751a41a96 70228->70229 70232 7ff751c4d494 14 API calls SafeRWList 70229->70232 70231 7ff751a41aa3 70232->70231 70233 7ff751a64310 70234 7ff751a64326 SafeRWList Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack 70233->70234 70235 7ff751a6436b CoInitializeEx CoInitializeSecurity CoCreateInstance IcmpCreateFile 70234->70235 70236 7ff751a64428 70235->70236 70237 7ff751a78330 70240 7ff751aa9f20 70237->70240 70241 7ff751aa9f34 Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack 70240->70241 70242 7ff751a78343 70241->70242 70244 7ff751c17f00 70 API calls 70241->70244 70245 7ff751a5f530 34 API calls SafeRWList 70241->70245 70246 7ff751a68cb0 18 API calls 70241->70246 70247 7ff751c238e0 78 API calls 70241->70247 70248 7ff751aaa0bd WaitForSingleObject 70241->70248 70249 7ff751a66cc0 RtlFreeHeap SafeRWList 70241->70249 70250 7ff751c1cb80 70 API calls 5 library calls 70241->70250 70244->70241 70245->70241 70246->70241 70247->70241 70248->70241 70249->70241 70250->70241 70251 7ff751aaf761 70252 7ff751aaf772 70251->70252 70258 7ff751aaf7d1 70251->70258 70259 7ff751a6b4a0 7 API calls 2 library calls 70252->70259 70254 7ff751aaf78c 70260 7ff751ab3d10 70254->70260 70259->70254 70264 7ff751c2fde4 70260->70264 70262 7ff751aaf7a5 70263 7ff751ab2c90 13 API calls 2 library calls 70262->70263 70263->70258 70277 7ff751c2a894 70264->70277 70266 7ff751c2fe0d 70267 7ff751c2fecf 70266->70267 70270 7ff751c2fe3e 70266->70270 70269 7ff751c2b830 Concurrency::cancel_current_task 2 API calls 70267->70269 70272 7ff751c2fed4 70269->70272 70289 7ff751c2a90c 70270->70289 70271 7ff751c2feb9 70271->70262 70281 7ff751a64d30 70272->70281 70274 7ff751c2ff0a 70293 7ff751a694d0 70274->70293 70278 7ff751c2a8a8 70277->70278 70279 7ff751c2a8a3 70277->70279 70278->70266 70310 7ff751c64cb4 6 API calls std::_Locinfo::_Locinfo_ctor 
70279->70310 70282 7ff751c2a894 std::_Lockit::_Lockit 6 API calls 70281->70282 70283 7ff751a64d54 _Yarn 70282->70283 70284 7ff751a64ddb 70283->70284 70285 7ff751a64dc9 70283->70285 70312 7ff751c2b900 15 API calls 2 library calls 70284->70312 70311 7ff751c2c5e8 18 API calls std::_Locinfo::_Locinfo_ctor 70285->70311 70288 7ff751a64dd8 70288->70274 70290 7ff751c2a917 LeaveCriticalSection 70289->70290 70291 7ff751c2a920 70289->70291 70291->70271 70313 7ff751c2c654 70293->70313 70298 7ff751a68010 std::bad_exception::bad_exception 13 API calls 70299 7ff751a69506 70298->70299 70300 7ff751a68010 std::bad_exception::bad_exception 13 API calls 70299->70300 70301 7ff751a69517 70300->70301 70302 7ff751a68010 std::bad_exception::bad_exception 13 API calls 70301->70302 70303 7ff751a69528 70302->70303 70304 7ff751a68010 std::bad_exception::bad_exception 13 API calls 70303->70304 70305 7ff751a69539 70304->70305 70306 7ff751a68010 std::bad_exception::bad_exception 13 API calls 70305->70306 70307 7ff751a6954a 70306->70307 70308 7ff751c2a90c std::_Lockit::~_Lockit LeaveCriticalSection 70307->70308 70309 7ff751a69557 70308->70309 70309->70262 70312->70288 70314 7ff751a694e3 70313->70314 70315 7ff751c2c661 70313->70315 70317 7ff751a68010 70314->70317 70320 7ff751c64fbc 7 API calls std::_Locinfo::_Locinfo_ctor 70315->70320 70321 7ff751a84ce0 70317->70321 70320->70314 70322 7ff751a84cf4 70321->70322 70323 7ff751a68023 70321->70323 70325 7ff751c542c0 13 API calls 2 library calls 70322->70325 70323->70298 70325->70323 70326 7ff751ab24e0 70329 7ff751ab2270 70326->70329 70328 7ff751ab24ec 70332 7ff751ab21f0 70329->70332 70333 7ff751ab2216 std::bad_exception::bad_exception 70332->70333 70334 7ff751a64d30 std::bad_exception::bad_exception 21 API calls 70333->70334 70335 7ff751ab223a 70334->70335 70340 7ff751ab4270 70335->70340 70338 7ff751a694d0 std::bad_exception::bad_exception 19 API calls 70339 7ff751ab2258 70338->70339 70339->70328 70343 7ff751a80280 70340->70343 70346 7ff751c2c96c 
70343->70346 70355 7ff751c65038 70346->70355 70348 7ff751c2c991 70358 7ff751c650cc 70348->70358 70350 7ff751c2c998 70361 7ff751c65098 70350->70361 70352 7ff751c2c9a0 70354 7ff751a8029a 70352->70354 70364 7ff751c65008 33 API calls _Getctype 70352->70364 70354->70338 70365 7ff751c6af1c GetLastError 70355->70365 70357 7ff751c65041 _Getctype 70357->70348 70359 7ff751c6af1c _Getctype 33 API calls 70358->70359 70360 7ff751c650d5 _Getctype 70359->70360 70360->70350 70362 7ff751c6af1c _Getctype 33 API calls 70361->70362 70363 7ff751c650a1 _Getctype 70362->70363 70363->70352 70364->70354 70366 7ff751c6af5d FlsSetValue 70365->70366 70367 7ff751c6af40 FlsGetValue 70365->70367 70368 7ff751c6af4d 70366->70368 70370 7ff751c6af6f 70366->70370 70367->70368 70369 7ff751c6af57 70367->70369 70372 7ff751c6afc9 SetLastError 70368->70372 70369->70366 70388 7ff751c6b478 11 API calls 2 library calls 70370->70388 70374 7ff751c6afe9 70372->70374 70375 7ff751c6afd6 70372->70375 70373 7ff751c6af7e 70377 7ff751c6af9c FlsSetValue 70373->70377 70378 7ff751c6af8c FlsSetValue 70373->70378 70392 7ff751c55d38 17 API calls 2 library calls 70374->70392 70375->70357 70381 7ff751c6afba 70377->70381 70382 7ff751c6afa8 FlsSetValue 70377->70382 70380 7ff751c6af95 70378->70380 70389 7ff751c6b27c 11 API calls 2 library calls 70380->70389 70390 7ff751c6accc EnterCriticalSection LeaveCriticalSection _get_daylight 70381->70390 70382->70380 70385 7ff751c6af9a 70385->70368 70386 7ff751c6afc2 70391 7ff751c6b27c 11 API calls 2 library calls 70386->70391 70388->70373 70389->70385 70390->70386 70391->70372 70393 7ff751c03bb0 70394 7ff751c03be5 70393->70394 70399 7ff751a74f20 CoCreateInstance 70394->70399 70396 7ff751c03c44 70398 7ff751c03c4f 70396->70398 70400 7ff751c03f80 CoInitializeEx 70396->70400 70399->70396 70401 7ff751c03fd5 70400->70401 70404 7ff751c03fae 70400->70404 70402 7ff751a620a0 _Mpunct 32 API calls 70401->70402 70403 7ff751c03ff9 70402->70403 70405 7ff751abcf20 SafeRWList 61 API calls 70403->70405 
70404->70398 70406 7ff751c04013 70405->70406 70407 7ff751a620a0 _Mpunct 32 API calls 70406->70407 70408 7ff751c04038 70407->70408 70409 7ff751abcf20 SafeRWList 61 API calls 70408->70409 70410 7ff751c04052 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores shared_ptr 70409->70410 70411 7ff751c04145 70410->70411 70419 7ff751c041ad Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores Concurrency::details::HardwareAffinity::operator!= shared_ptr 70410->70419 70412 7ff751a66cc0 SafeRWList RtlFreeHeap 70411->70412 70413 7ff751c04195 70412->70413 70414 7ff751a66cc0 SafeRWList RtlFreeHeap 70413->70414 70414->70404 70415 7ff751c0476e 70416 7ff751a66cc0 SafeRWList RtlFreeHeap 70415->70416 70417 7ff751c047d4 70416->70417 70418 7ff751a66cc0 SafeRWList RtlFreeHeap 70417->70418 70418->70404 70419->70415 70464 7ff751a63f30 SysAllocStringLen RtlPcToFileHeader RaiseException strrchr List 70419->70464 70421 7ff751c04326 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores shared_ptr 70465 7ff751a63f30 SysAllocStringLen RtlPcToFileHeader RaiseException strrchr List 70421->70465 70423 7ff751c04759 70472 7ff751a68f00 SysFreeString 70423->70472 70425 7ff751c04763 70473 7ff751a68f00 SysFreeString 70425->70473 70427 7ff751c0438c Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores shared_ptr 70427->70423 70428 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 70427->70428 70429 7ff751c04452 70428->70429 70430 7ff751abc510 SafeRWList 61 API calls 70429->70430 70431 7ff751c0446f Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70430->70431 70432 7ff751c044ac SysStringLen 70431->70432 70433 7ff751c044c6 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70432->70433 70466 7ff751ab1e40 23 API calls SafeRWList 70433->70466 70435 7ff751c044eb 70467 7ff751a6a9e0 RtlPcToFileHeader RaiseException Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores allocator 
70435->70467 70437 7ff751c04533 70438 7ff751c04631 70437->70438 70439 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 70437->70439 70440 7ff751c04670 70438->70440 70442 7ff751a66cc0 SafeRWList RtlFreeHeap 70438->70442 70441 7ff751c04560 70439->70441 70444 7ff751c0468e 70440->70444 70446 7ff751a66cc0 SafeRWList RtlFreeHeap 70440->70446 70443 7ff751abc510 SafeRWList 61 API calls 70441->70443 70442->70440 70445 7ff751c0457d Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70443->70445 70447 7ff751c046ac 70444->70447 70449 7ff751a66cc0 SafeRWList RtlFreeHeap 70444->70449 70452 7ff751c045ba SysStringLen 70445->70452 70446->70444 70448 7ff751c046ca 70447->70448 70450 7ff751a66cc0 SafeRWList RtlFreeHeap 70447->70450 70448->70423 70451 7ff751c046d8 70448->70451 70449->70447 70450->70448 70470 7ff751a68f00 SysFreeString 70451->70470 70453 7ff751c045d4 Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70452->70453 70468 7ff751ab1e40 23 API calls SafeRWList 70453->70468 70456 7ff751c046ff 70471 7ff751a68f00 SysFreeString 70456->70471 70457 7ff751c045f9 70469 7ff751a6a9e0 RtlPcToFileHeader RaiseException Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores allocator 70457->70469 70460 7ff751c0470a 70461 7ff751a66cc0 SafeRWList RtlFreeHeap 70460->70461 70462 7ff751c04741 70461->70462 70463 7ff751a66cc0 SafeRWList RtlFreeHeap 70462->70463 70463->70404 70464->70421 70465->70427 70466->70435 70467->70437 70468->70457 70469->70438 70470->70456 70471->70460 70472->70425 70473->70415 70474 7ff751c6b2b8 70475 7ff751c6b2c7 _get_daylight 70474->70475 70476 7ff751c6b303 70474->70476 70475->70476 70478 7ff751c6b2ea HeapAlloc 70475->70478 70481 7ff751c6a51c EnterCriticalSection LeaveCriticalSection std::ios_base::_Init 70475->70481 70482 7ff751c535f0 11 API calls _get_daylight 70476->70482 70478->70475 70479 7ff751c6b301 70478->70479 70481->70475 70482->70479 70483 7ff751af5240 70484 7ff751a5f6f0 SafeRWList 23 API 
calls 70483->70484 70485 7ff751af526a Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70484->70485 70486 7ff751af5280 RegCreateKeyW 70485->70486 70487 7ff751af5360 70486->70487 70488 7ff751af529e 70486->70488 70489 7ff751a5f5f0 SafeRWList 32 API calls 70487->70489 70490 7ff751a76fe0 strrchr 15 API calls 70488->70490 70491 7ff751af5374 70489->70491 70492 7ff751af52ac Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores 70490->70492 70493 7ff751a66cc0 SafeRWList RtlFreeHeap 70491->70493 70495 7ff751af52be RegQueryValueExW 70492->70495 70494 7ff751af5389 70493->70494 70496 7ff751a66cc0 SafeRWList RtlFreeHeap 70494->70496 70497 7ff751add3d0 2 API calls 70495->70497 70498 7ff751af5397 70496->70498 70499 7ff751af5308 RegCloseKey 70497->70499 70500 7ff751a66cc0 SafeRWList RtlFreeHeap 70498->70500 70501 7ff751a5f4d0 Concurrency::details::SchedulerBase::GetPolicy 13 API calls 70499->70501 70502 7ff751af5356 70500->70502 70503 7ff751af5325 70501->70503 70504 7ff751a66cc0 SafeRWList RtlFreeHeap 70503->70504 70505 7ff751af533a 70504->70505 70506 7ff751a66cc0 SafeRWList RtlFreeHeap 70505->70506 70507 7ff751af5348 70506->70507 70508 7ff751a66cc0 SafeRWList RtlFreeHeap 70507->70508 70508->70502

Control-flow Graph

                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
• Associated: 0000000C.00000002.3060132073.00007FF751A40000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061160990.00007FF751CDA000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061350002.00007FF751CF0000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061425831.00007FF751CF2000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Initialize
                                                                                                                                                                                                                                                                                                                  • String ID: Shell_TrayWnd$Taskbar
                                                                                                                                                                                                                                                                                                                  • API String ID: 2538663250-1897506974
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a8f9f8aefe39c9bb3fc6f1700612f5796ff5a976957e75bfcaea7b801d4d4d5b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f05788e2f7a8536e63d9a13ab9d415bd8059c1646311f22d6990025ce924192c
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8f9f8aefe39c9bb3fc6f1700612f5796ff5a976957e75bfcaea7b801d4d4d5b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C722F572A0CAC196DB61EB55E4916EFB3A0FBC4341F840132E68D83AADDF6DD544CB10

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Decorator::getTableType$QueryValue$Globalwsprintf$AllocFree
                                                                                                                                                                                                                                                                                                                  • String ID: \StringFileInfo\%04x%04x\FileDescription$\StringFileInfo\%04x%04x\ProductVersion$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                  • API String ID: 3623593157-227869778
                                                                                                                                                                                                                                                                                                                  • Opcode ID: de8831d1a3eb507047cc2c15f653a8f1ddda4228520ee9f313ef852ba1c3bc30
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2a2ce2543d78a90e0e81ca94c4611a353240bdec6392a306938b95df6468e4f9
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de8831d1a3eb507047cc2c15f653a8f1ddda4228520ee9f313ef852ba1c3bc30
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38519272A18A4282DB20EB55E0507BAF361FBC4785F942032EA8E83B6CDF7DD545CB50

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Http$CloseHandle$Requeststd::ios_base::good$ConnectCount64OpenReceiveResponseSendTickTimeouts
                                                                                                                                                                                                                                                                                                                  • String ID: GET
                                                                                                                                                                                                                                                                                                                  • API String ID: 2571818228-1805413626
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f2bbd1fb475fb939bf103f19e359ecaea94e68e1f4a006866a52bfb478bd0036
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 003d2270f28568216398d102a2ff6b60596355d7e2cfba175d622ca8987a6f3d
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2bbd1fb475fb939bf103f19e359ecaea94e68e1f4a006866a52bfb478bd0036
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCF1BD36609FC585DBB19B56F88439AB3A4F788B91F540126DACD43B68EFBCC494CB00

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph starting at 7ff751b10580 (legend: Executed / Not Executed); edge list omitted. API calls named in the graph: OpenProcess, QueryFullProcessImageNameW, PathFindFileNameW, K32EnumProcesses, CloseHandle.]
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                  • Opcode ID: d8e13e99e12a9853492c0fa8fa32c86ad2c14a18008e79842811f36bd6186243
                                                                                                                                                                                                                                                                                                                  • Instruction ID: b1a289c6fa411057f872d41a89da8acf221fcd6c98115e5334a5ecd8d8dfe425
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8e13e99e12a9853492c0fa8fa32c86ad2c14a18008e79842811f36bd6186243
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38C1357260DA8191DB60EB54E4403EAF3A1FBC5391F955132E68D83BAEDEBCD448CB50

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                  • type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC050: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00007FF751ABC1F9
                                                                                                                                                                                                                                                                                                                  • shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABB630: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751ABB64A
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$Char_traitsConcurrency::task_continuation_context::task_continuation_contextDecorator::getTableTypeshared_ptrtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 4040233825-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: d0c4bd5257ea87a9d30ac203d02df68460a5a650e7b5957a02da17cb04325be4
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e9dda06bcca50e63a1d847bf90e47d5756ba12fd26a290f3a3cf48470ebfd410
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0c4bd5257ea87a9d30ac203d02df68460a5a650e7b5957a02da17cb04325be4
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1413B3291DAC595DB21EB64E4817EEF760FBC4384F845032E68D43AAEDE6CD905CB10

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$ObjectSingleWait
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 282557418-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6217c9990599a4b135350d17e64cbfab7854f6f94625d0cc2ab53f12fc9ce3ae
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2069831cde926a0eadbd4ed7f39316c765503624203272d7aed06d949f3f712c
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6217c9990599a4b135350d17e64cbfab7854f6f94625d0cc2ab53f12fc9ce3ae
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C316561E0828243EF11E769E04567EA390FF81785FD40536E68D477ABEE6CD8828B14

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateQueryValuestrrchr
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2429320508-0

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CreateInitialize$FileIcmpInstanceSecurity
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 897544864-0

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Close$CreateQueryValue
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2495337196-0

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751A41759
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyFac_nodeFac_node::_Queue::StructuredWorkstd::_
                                                                                                                                                                                                                                                                                                                  • String ID: $@
                                                                                                                                                                                                                                                                                                                  • API String ID: 3399187363-1077428164

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  • WinHttpOpen.WINHTTP ref: 00007FF751ABE33E
                                                                                                                                                                                                                                                                                                                  • WinHttpSetTimeouts.WINHTTP ref: 00007FF751ABE3B0
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Concurrency::details::EmptyHttpQueue::StructuredWork$Char_traitsOpenTimeoutstype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: WinHTTP 1.0
                                                                                                                                                                                                                                                                                                                  • API String ID: 2528808869-2851767304
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 760f99f6ca04a1c46898f9a2c16207f08d962393f426984c8685a803207f4b58
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 16a550c7b7509b72b1d79a2e4d9a0aa2ac60f1399141ecc15f59e9e5167f3199
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 760f99f6ca04a1c46898f9a2c16207f08d962393f426984c8685a803207f4b58
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F310A32A1CA8182E750EB55E480B6FB761FBC0744F945032E68E47A6DDFBCD445CB50

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2115809835-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 593d566724d10316e6f2a9b2dbdb246ea62d452b964b8ed4a517b9ab6e659b21
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6be2a85a91652ff3b63d21485f75db7b3774419abd3b96757616cba57e791b3d
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 593d566724d10316e6f2a9b2dbdb246ea62d452b964b8ed4a517b9ab6e659b21
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2241A062A14B8982EB15EB15E45026CB360FB88FC1F984072DE9D43B6DDFBEE851C350

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::_CriticalDecorator::getHandleLock::_ReentrantScoped_lockScoped_lock::~_TableType
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 268523177-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3ec8b67f0218985b6ccc806678789a5bfe10daa593550025e2044fe239463e9e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d8f9e92c37e69092f73b597b49b39bab3b12e1fa07ecb861935951e129f5e411
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ec8b67f0218985b6ccc806678789a5bfe10daa593550025e2044fe239463e9e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D621712295DA8185D720E715E05016EFBA0EBC5785F991032F7CE82BAEDF6CC541CF50

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWidestrrchr
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 276481755-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7fafca46d7438934a01356089c12a64e9e854521357d7ee9cbf224d3c1cce801
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 55046c7d76bd8f0ae263d035ab96edaa5da918113da95c09ebe10570f0651b9b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fafca46d7438934a01356089c12a64e9e854521357d7ee9cbf224d3c1cce801
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24012A3290C68186D321EB55E440A2AB7B0F7C9789F640232E68C47AADCF7CD9008F50

                                                                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                                                                  control_flow_graph 675 7ff751afaba0-7ff751afabe3 SysAllocString 676 7ff751afabe5-7ff751afabeb 675->676 677 7ff751afabf8-7ff751afac01 675->677 676->677 678 7ff751afabed-7ff751afabf7 call 7ff751c4cab0 676->678 678->677
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AllocString
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2525500382-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4cf0768df7eaef10e69101eb9cf7f491419159847323e2dff04672cc99fbd735
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 63ded31289b36ebb989e640e63c586fa2d0bf2923c569bcbb7a5a43b7e7c3117
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cf0768df7eaef10e69101eb9cf7f491419159847323e2dff04672cc99fbd735
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FF03A76529B8982D7409F55E48471EB7A0F7C4B85F946426FA8E43768CFBDD480CB00
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Func_class
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1670654298-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a9e9c8497dd71b8d3d56d2e0fc3a50a7d872121369f15b3d52fc570d9e215e95
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a9792a79ad19b435f577aebfa105cc5e9866adeb73c9f6af4cd02cadbc688ba2
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9e9c8497dd71b8d3d56d2e0fc3a50a7d872121369f15b3d52fc570d9e215e95
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12E04F32A18A8582DB20BB61E44102FB370FBC5B85F944072EACD47B6ECF6CC5158B10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: std::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2160870905-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 65001d8e746deffeca408a196246966546a9e165f4c2f5ec19224ae183bfa6a2
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 40566e8e4011ca14bda9e20b85e3e308f21adcf3ca7e3ec34127502d72c79d79
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65001d8e746deffeca408a196246966546a9e165f4c2f5ec19224ae183bfa6a2
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E0BF6251DA8081D610E755E48041AE360F7C8795F441123EA8D43B2EDE6CD9104B14
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 542301482-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: bb6c3724e980722ef81d4ebb3334c6ec1cd663cf3bfeef8f3b2db88d1033d0f7
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a6905388bad09fea2f188b53c4f6c007df31cca355634dd259e5e371df18c85f
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb6c3724e980722ef81d4ebb3334c6ec1cd663cf3bfeef8f3b2db88d1033d0f7
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BE05AB6A08B8082C710EB55F84005ABBA4F799794FA04526EAC802B28DF7DD5658B40
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 21840e2703154ceb77cf641923c93027379598a8bd7ec7ce9b01d5ad23a3ceed
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f734ac26d4eb6fefe2dfa064edb0ef12d8a9b0f942191174980d81d75f92cf83
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21840e2703154ceb77cf641923c93027379598a8bd7ec7ce9b01d5ad23a3ceed
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81E0E2B2908B81C2D710EB55E84435ABBB0FBC9780FA48126EB8C42B38DF7DC595CA40
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF751C6B50D,?,?,00000000,00007FF751C64BC3,?,?,?,00007FF751C6A6C3,?,?,?,00007FF751C6A5B9), ref: 00007FF751C6B2F6
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6af5379fc1423127b9ba2ee9f9ded3ce19b22409504cddf95798ed8901624e82
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1b0f1c47765cf78006367978f4007f6b33b19e22fa5c52379e2378ec4a73b3fa
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6af5379fc1423127b9ba2ee9f9ded3ce19b22409504cddf95798ed8901624e82
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48F05EC0F0D68240FF24776A598177992805F48BB2FEC1630DC2E852C9EEDEE4408130
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 626452242-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2398595512-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: GlobalResource$LockName$AllocCreateErrorFindLastLoadNodeNode::SizeofStreamUnlock
                                                                                                                                                                                                                                                                                                                  • String ID: &$PNG
                                                                                                                                                                                                                                                                                                                  • API String ID: 404809873-3047161795
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWorkshared_ptr$Char_traitsConcurrency::details::_CriticalDecorator::getHandleLock::_ReentrantScoped_lockScoped_lock::~_TableTypetype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: .\nwjs\NW_store.exe$.\ui\.$UI StartedMain process ID:%d$creation_error=%ws$directory_switching_error$product$ui_creation_failed$ui_termination_error
                                                                                                                                                                                                                                                                                                                  • API String ID: 1646997740-2964731665
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Window$AsyncCursorFromMetricsMultipleObjectsPhysicalPointProcessStateSystemThreadWait
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 289137893-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF751C2A783
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CriticalInitializeSection$DebugDebuggerErrorLastOutputPresentString__vcrt_
                                                                                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                  • API String ID: 3055932891-631824599
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ADC690: GetUserDefaultUILanguage.KERNEL32 ref: 00007FF751ADC6BE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ADC690: LCIDToLocaleName.KERNEL32 ref: 00007FF751ADC6DD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 00007FF751AEB334
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751AEB381
                                                                                                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32 ref: 00007FF751AEB3B4
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyLocaleQueue::StructuredWorkshared_ptr$Info$Char_traitsDefaultLanguageNameUsertype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: unknown
                                                                                                                                                                                                                                                                                                                  • API String ID: 378872536-2904991687
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1a0665b5d898e2aaaa22b67eb9d99290c3cdf054fa2b0a8bfa8ff136547cc237
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1eee26b78d0140cd2799c6262db7e831bfc61931a8f324b0f226cd685daa1b07
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a0665b5d898e2aaaa22b67eb9d99290c3cdf054fa2b0a8bfa8ff136547cc237
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8414D3261CA8182D761EB60E491BAFF7A0FBC5781F845132E68D43B6EDE6CD508CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b1413f96d661d82bed3ea6c441f910976aba7540b1f36d73952f0ab48b072fcf
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7a9791b5f04b1876984876585d74a130d0fa0edcc94cba603dc699f9f20f0b27
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1413f96d661d82bed3ea6c441f910976aba7540b1f36d73952f0ab48b072fcf
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12117366B14F018AEB00DF60E8542B873A4F719B5AF880E31EE2D42B98DFB9E5548350
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                                                                                                                                                  • String ID: !x-sys-default-locale
                                                                                                                                                                                                                                                                                                                  • API String ID: 4235545615-2729719199
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a36232e41266dceb5b0b5568f3a4c759eebd48792b9ad22a0fd1be39f35c00ff
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1f5976b7255747b1ed950703ca112c6fc6e7ebf992fc0c2840d566a08a27aff0
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a36232e41266dceb5b0b5568f3a4c759eebd48792b9ad22a0fd1be39f35c00ff
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E0104B2B08B8282E711AB12B44077AA7A1F785785FAC8031DA8902B9CCF7ED5008710
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: keybd_event
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2665452162-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6b4310fd13f835e717ff32019fa5cbfea9bd5370c6973a7efb14a49844f97541
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a2b32736dc873f8111607c28cff729f4f81e0ff7e20cef1d58f4e29885eb337d
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b4310fd13f835e717ff32019fa5cbfea9bd5370c6973a7efb14a49844f97541
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBD0C9A0B200A742E7E03B62795AF950FA12B9ABCEFA27060C9040FB44CD5B21494768
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4D554: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF751A771CD,?,?,?,?,00007FF751A770B9,?,?,?,?,00007FF751A5F543), ref: 00007FF751C4D564
                                                                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(?,?,?,?,00007FF751A770B9,?,?,?,?,00007FF751A5F543), ref: 00007FF751A7716E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4D4E8: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF751A77201,?,?,?,?,00007FF751A770B9,?,?,?,?,00007FF751A5F543), ref: 00007FF751C4D4F8
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4D4E8: ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF751A77201,?,?,?,?,00007FF751A770B9,?,?,?,?,00007FF751A5F543), ref: 00007FF751C4D538
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$HeapProcessRelease
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3865638231-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: adbf40907dcc6d4703d04292c7a3a83ac3d841495ff5493fadcc3300774617e6
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d07f31904cc4d4d9f923720c7ef65942afb84889ad67e1c59d33cb338a8a6a39
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: adbf40907dcc6d4703d04292c7a3a83ac3d841495ff5493fadcc3300774617e6
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A82110A4E19A4381EB01FB54E8A16B8A361BF50753FE80132D41D822EDDFEDF945C764
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751C221E9
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A63300: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A63397
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$Char_traitsFac_nodeFac_node::_shared_ptrstd::_type_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: Caption$Description$HelpLink$HelpTelephone$IdentifyingNumber$InstallDate$InstallLocation$InstallSource$Language$LocalPackage$Name$PackageCache$PackageCode$PackageName$ProductID$RegCompany$RegOwner$SKUNumber$Transforms$URLInfoAbout$URLUpdateInfo$Vendor$Version
                                                                                                                                                                                                                                                                                                                  • API String ID: 2107158585-605506046
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e056a6b112d847ee0b177e488be79309f53793e5ead1baa78f4ea65d2a9edaaa
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4cd92de739530314ca5ff85c0c5537e26ab28004414a224fc867c0407503a9de
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e056a6b112d847ee0b177e488be79309f53793e5ead1baa78f4ea65d2a9edaaa
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C321C7260DAC2A1DB71EB50E4907EAB365FBC4341FC55432D68D83A6EEE6CD948CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Window$Concurrency::details::EmptyQueue::StructuredWorkshared_ptr$MetricsSystem$AssocChar_traitsCreateDecorator::getErrorExecuteFocusForegroundLastRectShellTableTypestd::ios_base::goodtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: $&eCode=%lu&br=default$C$open$product$showInCurrentBrowser_error
                                                                                                                                                                                                                                                                                                                  • API String ID: 1779610432-685431900
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 37b7a3ccd77369bae251ac16fdb4ae0f86d9035b89a5d9af7c8bd4cae9637e19
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9d1f0106959b914226e28860c693d40bc800dc048c98041ae5f8667a5cc834c0
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37b7a3ccd77369bae251ac16fdb4ae0f86d9035b89a5d9af7c8bd4cae9637e19
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2022672609AC196D771EB64E4907EAF361FBC5341F805132D68D82AADEFBCD588CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Http$CloseHandle$shared_ptr$Concurrency::details::EmptyOpenQueue::RequestStructuredWorkstd::ios_base::good$Char_traitsConnectCount64ReceiveResponseSendTickTimeoutstype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: GET$WinHTTP 1.0
                                                                                                                                                                                                                                                                                                                  • API String ID: 967572324-1397384856
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 868fb529f4b9e42a5eb7f4151dd2c4ba4f67db625f6d5eaa8a3648255dd7e45e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e35c485e734696edfb68227fd03d13bf139d46db23e415fabbec72427e7b6e37
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 868fb529f4b9e42a5eb7f4151dd2c4ba4f67db625f6d5eaa8a3648255dd7e45e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7702BC3260DBC585EBB19B55F8847AAB3A4FB88781F540126DACD83B68DF7CD494CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61730: char_traits.LIBCPMTD ref: 00007FF751A6175D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABD1D1
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD20C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: shared_ptr.LIBCMTD ref: 00007FF751ABD248
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61640: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A6165D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCC00: shared_ptr.LIBCMTD ref: 00007FF751ABCC33
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCC00: shared_ptr.LIBCMTD ref: 00007FF751ABCCBC
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B05C2E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B028E0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B02902
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B05D87
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B05E14
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B05E2A
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B05E6C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B05070: Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF751B050DA
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B05EB0
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B05FF9
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A63300: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A63397
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$EmptyQueue::StructuredWork$shared_ptr$ProcessorProxyRoot::SchedulerVirtualchar_traitstype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: SELECT url, title, visit_count, last_visit_time FROM urls$SELECT url, title, visit_count, last_visit_time/ 1000000 - 11644473600 AS last_visit_time FROM urls WHERE last_visit_time/ 1000000 - 11644473600 > %d ORDER BY last_visit_time DESC$\HRDR_History.sqlite$\Microsoft\Edge\User Data\Default\History$d$localappdata$temp
                                                                                                                                                                                                                                                                                                                  • API String ID: 2671280029-3709265721
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 708783b734785d030ee4b6f6c7700943746b2d96465ee05de4aa3a86b578ff79
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6f7ffd281fbb4c3a9651a754c0de57d4643011c59a51fc0d10deaa3a439becfc
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 708783b734785d030ee4b6f6c7700943746b2d96465ee05de4aa3a86b578ff79
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B422E672A1DAC191DB72EB50E4916EFA364FBC4341F841132D68D82BAEDF6CD544CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$Sleepshared_ptr$FileTick$Char_traitsCountCount64DeleteDownloadtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: %s%s%s%s%s%s%s%s&%s%s%I64u$%ws\%ws$&evt_action=$&evt_src=fa_$&nocache=$&version=$71434D56-1548-ED3D-AEE6-C75AECD93BF0$https://pcapp.store/pixel.gif?guid=$temp_event
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32 ref: 00007FF751AAD3F4
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A645F0: OpenEventW.KERNEL32 ref: 00007FF751A646E9
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751AAD6AF
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A4CFB0: CreateEventW.KERNEL32 ref: 00007FF751A4CFD8
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751AAD833
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751AAD9AC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751AADB25
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751AADC9E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A78090: WaitForMultipleObjects.KERNEL32 ref: 00007FF751A780C7
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A69180: CloseHandle.KERNEL32 ref: 00007FF751A691BC
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::_SchedulerScheduler::_$Concurrency::details::EmptyEventQueue::StructuredWorkshared_ptr$Create$Char_traitsCloseHandleMultipleObjectsOpenWaittype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: ClosingEvent$ColorPrevalence$ColorizationColor$EnableTransparency$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced$Software\Microsoft\Windows\CurrentVersion\Themes\Personalize$Software\Microsoft\Windows\DWM$SystemUsesLightTheme$TaskbarAl
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61730: char_traits.LIBCPMTD ref: 00007FF751A6175D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABD1D1
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD20C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: shared_ptr.LIBCMTD ref: 00007FF751ABD248
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61640: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A6165D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCC00: shared_ptr.LIBCMTD ref: 00007FF751ABCC33
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCC00: shared_ptr.LIBCMTD ref: 00007FF751ABCCBC
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B0655C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B028E0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B02902
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B06736
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B06937
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B069CB
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B069E1
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B06A23
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B05070: Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF751B050DA
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B06A5C
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B06A82
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$EmptyQueue::StructuredWork$shared_ptr$ProcessorProxyRoot::SchedulerVirtualchar_traitstype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: \HRDR_places.sqlite$\Mozilla\Firefox\Profiles\$\places.sqlite$appdata$temp
                                                                                                                                                                                                                                                                                                                  • API String ID: 2671280029-1746454586
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2cd3ab96918de08c89aae2553534e05a162396ca0cb2274ad6f4b57fb67ef903
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 62d9fab62af786c50a894cb5d70c8e104002727522bf8dc87d4677bbdd0531e3
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cd3ab96918de08c89aae2553534e05a162396ca0cb2274ad6f4b57fb67ef903
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4212D47260EBC290DAB1EB50E4917EFB364EBC4781F845132D68D82B6EEE6CD544CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Heap$Alloc$AdaptersAddressesFreeProcess
                                                                                                                                                                                                                                                                                                                  • String ID: 000000$o
                                                                                                                                                                                                                                                                                                                  • API String ID: 4182983392-359798323
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 27fe2c5c1b78730cc661034e24580789ab8db0ed5604764d6b73af6036641d90
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a461f7e603dd7020ac8cd6a295093045dc96847a5d8e1c359e3585cd4d06d0c9
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27fe2c5c1b78730cc661034e24580789ab8db0ed5604764d6b73af6036641d90
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DF10272A1CAC186D760EB25E4807AAF3A0FBC4341F945122E6CE83A6DDFBDD445CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A8DFB0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A8DFBE
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A8B662
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF751A8B6D1
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::Work$EmptyQueue::Structured$Base::ContextIdentityQueue
                                                                                                                                                                                                                                                                                                                  • String ID: ":
                                                                                                                                                                                                                                                                                                                  • API String ID: 416282553-3662656813
                                                                                                                                                                                                                                                                                                                  • Opcode ID: cc2a17a16e4a2ab23928a6ed498f5b48a6afc8847ee23eaa00da48dde39757ab
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8f6dc7b52e2256de1ff73064b7407b6d7411b9310fe68434c4287143a9306dfe
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc2a17a16e4a2ab23928a6ed498f5b48a6afc8847ee23eaa00da48dde39757ab
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C220676619BC585DB70EB56E4847AEB3A0F7C8B81F844026DA8E47B69EF7CC040CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A8C51B
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FF751A8C636
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A8C75A
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A8C8D8
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FF751A8CA3B
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$EmptyQueue::StructuredWork$Affinity::operator!=Hardware
                                                                                                                                                                                                                                                                                                                  • String ID: "bytes": [$"subtype": $],$],"subtype":$null$null}${"bytes":[
                                                                                                                                                                                                                                                                                                                  • API String ID: 2268291814-3853568864
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4d03236c1cc426d7a49e32645d9154a6e47ad987c9b96f79fada081029e35656
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a27ba04b9aad8c820e56992d342e12989e4e7303ab48fe4ad4db68a9ae891f9e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d03236c1cc426d7a49e32645d9154a6e47ad987c9b96f79fada081029e35656
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3112F576609BC585EB71EB56E4907AEB3A0FBC9B81F844036DB8D43B69DF6CC0408B54
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Decorator::getTableType$std::ios_base::good$Concurrency::details::_CriticalHandleLock::_ReentrantScoped_lockScoped_lock::~_
                                                                                                                                                                                                                                                                                                                  • String ID: HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS
                                                                                                                                                                                                                                                                                                                  • API String ID: 4075672052-3507829934
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f9f0cf8a6e7f46df9aebd046747186d9469684594f9f0809c02031f4b8cfaa1b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 127084aa9f41bd94231009aa3ce87102b2ba94ec5e906e23d2a6c75b1df82acf
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9f0cf8a6e7f46df9aebd046747186d9469684594f9f0809c02031f4b8cfaa1b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F022F3260DAC291DB71EB54E4906EAE360FBD4345FC45133E28D82AAEDF6CD549CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$EmptyQueue::StructuredWork$Decorator::getTableType$Affinity::operator!=Concurrency::details::_CriticalFac_nodeFac_node::_HandleHardwareLock::_ReentrantScoped_lockScoped_lock::~_bool_shared_ptrstd::_
                                                                                                                                                                                                                                                                                                                  • String ID: add$delete$update
                                                                                                                                                                                                                                                                                                                  • API String ID: 1249101262-4173115130
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4e1d4c32b8589c99c24f33778795a8e296efd49312aebb10deba9a90a016b6fc
                                                                                                                                                                                                                                                                                                                  • Instruction ID: cfb1964c854d2672081cd9b2f3184ae17e7c083bb0270b684e6a57781756ee2f
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e1d4c32b8589c99c24f33778795a8e296efd49312aebb10deba9a90a016b6fc
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DF10572A4DAC290DB71EB54E4906EFA360FBC4341F844132E68D83AAEEF6CD545CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MessagePostProcWindow$Quit
                                                                                                                                                                                                                                                                                                                  • String ID: msg=resume_suspend$msg=suspend$product$product$system_event$system_event
                                                                                                                                                                                                                                                                                                                  • API String ID: 3552470998-2520652036
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 76750a6c5199a67237d72011e105f7ae16df0575834be2b3322a2da0b4a13fc8
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f4abb9d6f10acd54f07b98a507b8dbd01a5e098436c67d4534de86dac4aa9fbc
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76750a6c5199a67237d72011e105f7ae16df0575834be2b3322a2da0b4a13fc8
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AF1D472A0DAC191DBB2AB54E4917EAB364FBC8341F841132D68D43B6EEFACD544CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32 ref: 00007FF751AA9DCE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A86F90: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A87219
                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 00007FF751AA9D95
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$Char_traitsObjectSingleSleepWaitshared_ptrtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: bh_lv_date$bhist$chrome$edge$engine$firefox$pcdetails$searches
                                                                                                                                                                                                                                                                                                                  • API String ID: 996376012-1168393571
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 31d1c79fcdd9bfa0cc13af7078cec16b086d031c8a7fdce7d29bc820f5ffb5f9
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4ad04052dc6961c2eca850ed74272254b543262fcff6b86e19f7df69043f2819
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31d1c79fcdd9bfa0cc13af7078cec16b086d031c8a7fdce7d29bc820f5ffb5f9
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E642D472A0DAC191DB72AB51E4907EBB364FBC4381F845132D68D82BAEEF6CD544CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61730: char_traits.LIBCPMTD ref: 00007FF751A6175D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABD1D1
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD20C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: shared_ptr.LIBCMTD ref: 00007FF751ABD248
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61640: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A6165D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCC00: shared_ptr.LIBCMTD ref: 00007FF751ABCC33
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCC00: shared_ptr.LIBCMTD ref: 00007FF751ABCCBC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AB7550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751AB75C8
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751B12331
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751B12481
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751B125D1
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751B12721
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751B12871
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751B128BC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A60F90: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751A610F1
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Fac_nodeFac_node::_std::_$Concurrency::details::EmptyQueue::StructuredWorkshared_ptr$Char_traitsConcurrency::details::_SchedulerScheduler::_char_traitsswaptype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: description$name$path$version
                                                                                                                                                                                                                                                                                                                  • API String ID: 853198932-2718969892
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8182e7b27c8b5a91f20da4f2d2e391c06853218d5fd98101c128e61b1a719ec4
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3b436e0aa12ca4cab2e12b729b835315cd5cedce7fb0cf1240dc53b439fa60a8
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8182e7b27c8b5a91f20da4f2d2e391c06853218d5fd98101c128e61b1a719ec4
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0320A7261DAC691DB71EB50E4907EBA365FBC4381F845032D68D83BAEEE6CD504CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ChildEnumWindows$Concurrency::details::EmptyQueue::StructuredWork$Char_traitsClassNameTextWindowshared_ptrtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: =====> %ws FOUND <=====$Shell_TrayWnd$Start$TrayButton$TrayDummySearchControl
                                                                                                                                                                                                                                                                                                                  • API String ID: 1535316472-2840285642
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1aef93e5f012a685686fccdd4daceabe54635868a6b890d9b825c07920069936
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3cc2b9b7cf7ee19b497d2157e3269c15c40d9bd5f7b38341974592c1e34784be
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1aef93e5f012a685686fccdd4daceabe54635868a6b890d9b825c07920069936
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1432E732A0DAC195EB71AB50E4507EBF3A4FBC4341F844136E68D82AADEF6CD545CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • Sleep.KERNEL32 ref: 00007FF751AAA449
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751AAA550
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AB8E50: bool_.LIBCPMTD ref: 00007FF751AB8EAC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AB8E50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751AB8F1F
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AB8E50: std::ios_base::good.LIBCPMTD ref: 00007FF751AB8F99
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AB8E50: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00007FF751AB8FAC
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AB8E50: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751AB8FBC
                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32 ref: 00007FF751AAA958
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$shared_ptr$Char_traitsConcurrency::task_continuation_context::task_continuation_contextDecorator::getObjectSingleSleepTableTypeWaitbool_std::ios_base::goodtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: connected_spot=%ws$gmac$pcdetails$spots$spots_list_is_empty$subs$wlanspots
                                                                                                                                                                                                                                                                                                                  • API String ID: 1968395708-2707124708
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b2d16248a7cdc4bb8edafa0572017727369bfb466be4a7321f459bc833de06b7
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 711a58d7544c6d55a7cb249c2005d498342ebd582cbece88788d48e52b243839
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2d16248a7cdc4bb8edafa0572017727369bfb466be4a7321f459bc833de06b7
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AF1D072A0DAC291DBB1AB54E4907EAB364FBC4341F801132D68D83B6EEF6CD548CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseConcurrency::details::EmptyQueue::StructuredWorktype_info::_name_internal_method$Char_traitsOpenQueryValueshared_ptr
                                                                                                                                                                                                                                                                                                                  • String ID: AppParam$Software\PCAppStore$default
                                                                                                                                                                                                                                                                                                                  • API String ID: 569003908-3084650451
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e9a3dd9140ba460193bccad5f1c73cbfb01c1999a9a3f6ab14bf24697fcc024c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7a4f4ca98a49d82350e2da53c38af486bf473650fb4510b4fcbf6273bdd2e1e2
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9a3dd9140ba460193bccad5f1c73cbfb01c1999a9a3f6ab14bf24697fcc024c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77711932A1DAC185D761EB50E4917EBF364FBC4381F845132E68D42AAEEF6CD448CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00007FF751A71F6C
                                                                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00007FF751A71F82
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWorkshared_ptr$CloseHandle$Char_traitstype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: error$exec_winget$installed$none$product$success$wnd_name=%s&state=%ws&cmd=%ws&%ws${"app":{"%ws":{"app_status":{"name":"%ws","status":"%ws"}}}}${"app":{"%ws":{"msstore_download_result":{"status":"%d"}}}}
                                                                                                                                                                                                                                                                                                                  • API String ID: 4080031052-118872756
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 564e589c6c90c6963a5dec7b8cd7915b412c9f439846443b03bd30d8ebf71af9
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3dd6e3980401fb6018eb193787d67a26e1f5e2ec3defef6d73717d2b18d15679
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 564e589c6c90c6963a5dec7b8cd7915b412c9f439846443b03bd30d8ebf71af9
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E42D072609FC595DBB1AB55E4906EAB3A4FBC8781F801122DA8D83B6DEF78C544CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AA2E00: _Subatomic.LIBCONCRTD ref: 00007FF751AA2E6E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • CoInitialize.OLE32 ref: 00007FF751B17773
                                                                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32 ref: 00007FF751B177A4
                                                                                                                                                                                                                                                                                                                  • shared_ptr.LIBCMTD ref: 00007FF751B177DA
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B19C90: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF751B19D0B
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B19C90: HandleT.LIBCPMTD ref: 00007FF751B19D1A
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Concurrency::details::EmptyQueue::StructuredWork$Char_traitsConcurrency::details::_CreateCriticalHandleInitializeInstanceLock::_ReentrantScoped_lockScoped_lock::~_Subatomictype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: SearchApp.exe$SearchHost.exe$SearchUI.exe$ShellExperienceHost.exe$StartMenuExperienceHost.exe$explorer.exe
                                                                                                                                                                                                                                                                                                                  • API String ID: 1408288539-3335880049
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e5cfb1a2ca0c4b92716ef7a7696fac59c126a1745568ea0bb3d6da0d3f823ffe
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 860a91921c4a63a1e4756dec2aea107e8fa6b1f8734c4a2a55215c3167d00084
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5cfb1a2ca0c4b92716ef7a7696fac59c126a1745568ea0bb3d6da0d3f823ffe
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2E1F276609BC190DBA1AB55E4903EAB361FBC4781F855032DA8D43B6EEFBCC548CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: List$ClassCursorLoadRegister
                                                                                                                                                                                                                                                                                                                  • String ID: StartReplace
                                                                                                                                                                                                                                                                                                                  • API String ID: 1846139413-3907892786
                                                                                                                                                                                                                                                                                                                  • Opcode ID: fea9658d91945ac0eecf29b6dc659dad1c4709736d75d71321c71b57a5fa5b30
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 015dcb6454d5127d8bef9662c35931c3fae83096f8b07944ad4aee1559a71f7d
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fea9658d91945ac0eecf29b6dc659dad1c4709736d75d71321c71b57a5fa5b30
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0A1FF72608BC585DB61EB15E4907EAB7A0FBC8B81F944032DA8D83B69DF7DD448CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61640: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A6165D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AB7550: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751AB75C8
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751AB9C8B
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751AB9D44
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751AB9DC1
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751AB9E3E
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751AB9E89
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A60F90: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751A610F1
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Fac_nodeFac_node::_std::_$Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_SchedulerScheduler::_swap
                                                                                                                                                                                                                                                                                                                  • String ID: last_visit$title$url$visit_count
                                                                                                                                                                                                                                                                                                                  • API String ID: 3419026931-3535738862
                                                                                                                                                                                                                                                                                                                  • Opcode ID: be4d46e9915b58789d1b6944a3c14443339453292486abb1dd0e0e5a6ab1e53d
                                                                                                                                                                                                                                                                                                                  • Instruction ID: da4f5d6a4aabc0ef4a41f1c88ef8c5b8456738b13d361e001bf89725c5c65775
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be4d46e9915b58789d1b6944a3c14443339453292486abb1dd0e0e5a6ab1e53d
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82814F62619AC691DB31EB50E4907EBE361FBD4381F845032D68D43BAEEEACD604CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseHandle$Char_traitsCreateProcess
                                                                                                                                                                                                                                                                                                                  • String ID: ClosingEvent$[A-Za-z0-9\\]{2,16}(\.[A-Za-z0-9.]*)*$h$winget list --disable-interactivity --accept-source-agreements
                                                                                                                                                                                                                                                                                                                  • API String ID: 172086237-720509041
                                                                                                                                                                                                                                                                                                                  • Opcode ID: bf3a4fd1d19e246f250de37db098803a181b772d447f0bc39aeb719d5e992341
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f0d3871afc050cd9eac0772dbbdd072a800d722225f4be4afdb12e332b9fcf1e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf3a4fd1d19e246f250de37db098803a181b772d447f0bc39aeb719d5e992341
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D091F73260CAC195DB61EB64E4907EAB3A1FBC4781F844136D68D43AADEFBCD548CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • ShellExecuteW.SHELL32 ref: 00007FF751B11679
                                                                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF751B1168F
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A5F5F0: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751A5F631
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B119E0: ShellExecuteW.SHELL32 ref: 00007FF751B11A84
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B119E0: GetLastError.KERNEL32 ref: 00007FF751B11AA0
                                                                                                                                                                                                                                                                                                                  • SetForegroundWindow.USER32 ref: 00007FF751B1199F
                                                                                                                                                                                                                                                                                                                  • SetFocus.USER32 ref: 00007FF751B119AA
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWorkshared_ptr$ErrorExecuteLastShell$Char_traitsDecorator::getFocusForegroundTableTypeWindowtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: $&eCode=%lu&br=%ws$open$product$showInCurrentBrowser_error
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
Similarity
• API ID: Fac_nodeFac_node::_std::_$Concurrency::details::_SchedulerScheduler::_swap
• String ID: gmac$lmac$static_subs$subs
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
Similarity
• API ID: CompatibleCreateObjectSelect$BitmapConcurrency::details::_DeleteSchedulerScheduler::_
• String ID:
APIs
• SHAppBarMessage.SHELL32 ref: 00007FF751A6DD18
  • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
  • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
  • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
  • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
  • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
  • Part of subcall function 00007FF751A5F5F0: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751A5F631
  • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
  • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
  • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
Similarity
• API ID: Concurrency::details::EmptyQueue::StructuredWorkshared_ptr$Char_traitsDecorator::getMessageTableTypetype_info::_name_internal_method
• String ID: product$start_button_not_created$startbutton_skip_win11_autohide_panel$system_panel_not_found
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Decorator::getTableType
                                                                                                                                                                                                                                                                                                                  • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$d
                                                                                                                                                                                                                                                                                                                  • API String ID: 2700986858-2578503166
                                                                                                                                                                                                                                                                                                                  • Opcode ID: d51764334f926be7653f8378bfa4d67afcaddd17c08319c29395c766aec0f3fe
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0b2c7d2023930191cd3966d786438275905c889aeaa747068c568b0204a19465
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d51764334f926be7653f8378bfa4d67afcaddd17c08319c29395c766aec0f3fe
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75817122A1DBC185D721EB65E09076FF7A1EBC9781F984032E6CE4376EDE6CD5408B50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Decorator::getTableType
                                                                                                                                                                                                                                                                                                                  • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899$d
                                                                                                                                                                                                                                                                                                                  • API String ID: 2700986858-2578503166
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5dd419523b0cdca759efb859af36a7eda277eb830749c342967ed5e8aea3b7b9
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 30c50fb175fdec6a452f554b4886b67e5a0d7a99fbd1d8591ea7bdd809796aee
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5dd419523b0cdca759efb859af36a7eda277eb830749c342967ed5e8aea3b7b9
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49816226A1DBC185D721EB65E09066FF7A1EBC5781F984032E6CE83B6EDE6CD500CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Decorator::getTableType
                                                                                                                                                                                                                                                                                                                  • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899unordered_map/set too long$d
                                                                                                                                                                                                                                                                                                                  • API String ID: 2700986858-408903877
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f2a3baa06432960142e500b164f9da7cbcff0ad2310113b3a3cab22557a1a0bd
                                                                                                                                                                                                                                                                                                                  • Instruction ID: ccca1957185138b7db635e369caa6d7954605439f9c7b6781b7f777754c9f5bf
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2a3baa06432960142e500b164f9da7cbcff0ad2310113b3a3cab22557a1a0bd
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8816122A1DBC185D721EB65E45076FF7A1EBC5B81F944032E6CE43B6EDE6CD4048B50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751C23707
                                                                                                                                                                                                                                                                                                                  • UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751C2376B
                                                                                                                                                                                                                                                                                                                  • UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751C237EA
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751C23866
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Decorator::getTableType$Concurrency::details::EmptyQueue::StructuredWork$Char_traitsshared_ptrtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: hardware$invalid$printers$software
                                                                                                                                                                                                                                                                                                                  • API String ID: 2563449217-2681358197
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7fa1f37ce8de4c1ba5410aea7a6d127785409c1411ff86dcd309331fa9725909
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8fec794cc06678d1942665ab6e0b7adb50aed8507c8f5ade1607368789b51f23
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fa1f37ce8de4c1ba5410aea7a6d127785409c1411ff86dcd309331fa9725909
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3511472A0DAC185DB61AB10E4807AAB3A1FBC8381F845132E6CD43B6DDFBDD548CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::Decorator::getEmptyQueue::StructuredTableTypeWork$Concurrency::task_continuation_context::task_continuation_contextbool_std::ios_base::good
                                                                                                                                                                                                                                                                                                                  • String ID: %5D=$s%5B
                                                                                                                                                                                                                                                                                                                  • API String ID: 2106438023-2722900981
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f4897e33dbe00fae1d831188248e34d7fc0d0da920ff9373ff43d1ae7edde789
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6f2933bef684d669aab985e651c21601bc1bba53efbe73ac13a25b44d301c6e1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4897e33dbe00fae1d831188248e34d7fc0d0da920ff9373ff43d1ae7edde789
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB31A462A1CA8291DB51FB91E4905BEE360FBC1781F845033F68D83B6EEEACD504CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32 ref: 00007FF751AAB63C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B114D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF751B114F7
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B114D0: HandleT.LIBCPMTD ref: 00007FF751B11506
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B114D0: std::ios_base::good.LIBCPMTD ref: 00007FF751B11542
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B114D0: std::ios_base::good.LIBCPMTD ref: 00007FF751B11556
                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32 ref: 00007FF751AABF1D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A5AFB0: _Ptr_base.LIBCMTD ref: 00007FF751A5B032
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A5AFB0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF751A5B071
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A5AFB0: HandleT.LIBCPMTD ref: 00007FF751A5B080
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWorkshared_ptr$Concurrency::details::_CriticalHandleLock::_ObjectReentrantScoped_lockScoped_lock::~_SingleWaitstd::ios_base::good$Char_traitsPtr_basetype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: /p.gif$ev.pcapp.store$pcdetails$process_add$process_delete
                                                                                                                                                                                                                                                                                                                  • API String ID: 154154597-3242555254
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 587183cac12abb71eee5b833e4e46d49c6dec3cd9c305389e0cd0ab4d4a1ecf3
                                                                                                                                                                                                                                                                                                                  • Instruction ID: ddb75698656fb3f1732f0e53b2e71a5a52374221e1961bcc277f8fb74e275185
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 587183cac12abb71eee5b833e4e46d49c6dec3cd9c305389e0cd0ab4d4a1ecf3
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F742B07260EBC591DBB2AB50E4906EAB3A4FBC4741F801126D68D83B6EEF7CD544CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF4F70: RegCreateKeyW.ADVAPI32 ref: 00007FF751AF4F9A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF4F70: RegDeleteValueW.ADVAPI32(?,?,?,?,?,?,?,?,00007FF751ADD69F), ref: 00007FF751AF4FCB
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF4F70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00007FF751ADD69F), ref: 00007FF751AF4FDA
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF4F70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00007FF751ADD69F), ref: 00007FF751AF5006
                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32 ref: 00007FF751ADD81E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00007FF751ADD4F3
                                                                                                                                                                                                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run, xrefs: 00007FF751ADD55A
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$Close$Char_traitsCreateDeleteOpenValueshared_ptrtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run$Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                                                                                                                  • API String ID: 1230779726-377293507
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 830968e17e419bf37e1e69099c3d9feba708ebd71e5a271540706b690ce920e2
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 99cca614c8a2ffbff6449e8d4caeab47ba01687337a714cc607d39acde42ceba
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 830968e17e419bf37e1e69099c3d9feba708ebd71e5a271540706b690ce920e2
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36C1E23260DAC185DBB1AB51E4907EBB3A4EBC9781F845122EACD83B6DDF6DC544CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32 ref: 00007FF751B1927B
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AA2E00: _Subatomic.LIBCONCRTD ref: 00007FF751AA2E6E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B19C20: _WChar_traits.LIBCPMTD ref: 00007FF751B19C38
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751B19301
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FF751B1931B
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B16E40: type_info::_name_internal_method.LIBCMTD ref: 00007FF751B16E58
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B19382
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$EmptyQueue::StructuredWork$Char_traitstype_info::_name_internal_method$Affinity::operator!=Concurrency::details::_FreeHardwareSchedulerScheduler::_StringSubatomicshared_ptr
                                                                                                                                                                                                                                                                                                                  • String ID: \u%0.4x${"app": {"hide_window": "menu_search"}}${"app": {"menu_search" : {"search_request":"%ws", "page":"a"}}}
                                                                                                                                                                                                                                                                                                                  • API String ID: 4145472168-1521549704
                                                                                                                                                                                                                                                                                                                  • Opcode ID: b3e70db6f84c5b9a58feb2e2c201f0a6799b0a1b8f5d5347173183d1ad810f12
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1a14849365931f6f79e863cb649d900662d8a20b92dbf28cb574437387f3f096
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3e70db6f84c5b9a58feb2e2c201f0a6799b0a1b8f5d5347173183d1ad810f12
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BB1392260CAC191EB61AB55E4907EAF360FBC4381F851132E68D83BAEDF6CD549CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • {"app":{"menu_search":{"top":%d,"left":%d,"bottom":%d,"right":%d}}}, xrefs: 00007FF751B1A02A
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$MetricsSystem$Char_traitsRectWindow
                                                                                                                                                                                                                                                                                                                  • String ID: {"app":{"menu_search":{"top":%d,"left":%d,"bottom":%d,"right":%d}}}
                                                                                                                                                                                                                                                                                                                  • API String ID: 817925545-1772490695
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 12e9d39186d2cb1b263f3ae9f2a5f3ca7d3a643b9f95cfa53cf2bf63a73e07fc
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f1d7ceafd00e9467a42e10c4ff03841be453dc2b90ba6b58133587cfac34743f
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12e9d39186d2cb1b263f3ae9f2a5f3ca7d3a643b9f95cfa53cf2bf63a73e07fc
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32813832A19AC186D762EB64E4507ABF361FBC5381F805132E68E83A6DEF7CD444CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B09D20: OpenEventW.KERNEL32 ref: 00007FF751B09E7D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4D228: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF751C4D258
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4D228: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF751C4D25E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A89270: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751A892A3
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A89270: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751A89332
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A89270: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751A893E3
                                                                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32 ref: 00007FF751A63CB9
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32 ref: 00007FF751A63DB6
                                                                                                                                                                                                                                                                                                                  • UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751A63E1C
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::Concurrency::details::_EmptyQueue::SchedulerScheduler::_StructuredWork$Concurrency::cancel_current_taskCreateEvent$Char_traitsDecorator::getDirectoryOpenTableTypeshared_ptrtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: DEBUGSCREEN_EVENT$\download$o/$.
                                                                                                                                                                                                                                                                                                                  • API String ID: 3827159027-3546884877
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 19bcbf85567e2912e321f08c111f658c306c9247c023a44d0cc0c2b1d1f62979
                                                                                                                                                                                                                                                                                                                  • Instruction ID: cd067fd69ccd36d9a9dedf2570e036c285bae2270d6b860cf6a7c3145fd59010
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19bcbf85567e2912e321f08c111f658c306c9247c023a44d0cc0c2b1d1f62979
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D71F232A19AC180DB71AB51E4957EEA360FBC4781F844432DA8E43B6EDF6DD544CB60
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF751C6EA38,?,?,?,?,00007FF751C64CBD,?,?,?,?,00007FF751C2A8A8), ref: 00007FF751C6E168
                                                                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF751C6EA38,?,?,?,?,00007FF751C64CBD,?,?,?,?,00007FF751C2A8A8), ref: 00007FF751C6E174
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1d85757e07993c8bc347a7f606f080e8f87b1f1d8ea1d4e6b2f9cf9ed8136548
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5f136ff52433afee046944c5ceb1bc2cd7e1cea8a0ae21d0ddf9b0310f460c8e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d85757e07993c8bc347a7f606f080e8f87b1f1d8ea1d4e6b2f9cf9ed8136548
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8418CB1B09A4281FB15EB9A9C00975A391BF06BD2FAD4136DD0D4774CEFBEE4859320
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32 ref: 00007FF751AA5DD6
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32 ref: 00007FF751AA5E51
                                                                                                                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32 ref: 00007FF751AA5EAA
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 00007FF751AA5ECE
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
• Associated: 0000000C.00000002.3060132073.00007FF751A40000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061160990.00007FF751CDA000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061350002.00007FF751CF0000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061425831.00007FF751CF2000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$Char_traitsCloseFileModuleNameOpenValueshared_ptrtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: PCAppStore$Software\PCAppStore$status
                                                                                                                                                                                                                                                                                                                  • API String ID: 2919119571-3586994989
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 44ae340ddb1129a80ba8e721adccd8ab948fd3bffe26c46763aaa6c9c5679822
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a93258f20446463a0db46b99f5933e42b4ea59d093258594ca4c26a1496f74a1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44ae340ddb1129a80ba8e721adccd8ab948fd3bffe26c46763aaa6c9c5679822
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F510672A19BC186DB61EB50E4807AAB3A4FBC4781F805132E68D83B6DEF7CD544CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: allocator
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3447690668-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 87f3e0d182604fd6e21cf6c8169be1b99c9270371829333a6fb891db4741f2a6
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1eff34e6e8cad08bbb11e1311ac27bbdaf05b6b253daba8812406db84e919290
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87f3e0d182604fd6e21cf6c8169be1b99c9270371829333a6fb891db4741f2a6
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34B17BA264DB8581DB709B56F08026BE3A0FB89785FA40136EACD43B6DDF7DD440CB90
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWorkallocator
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1755220593-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e7789f2d05bc047ef9c0f926dd3a5f05f4c8c8174b3464fc6e3fa575e9f58018
                                                                                                                                                                                                                                                                                                                  • Instruction ID: c652dd3951fa3c336e52f6c356bb9db51fc3413a8ad6950de2f8c4b43dc6498d
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7789f2d05bc047ef9c0f926dd3a5f05f4c8c8174b3464fc6e3fa575e9f58018
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FB1372660CBC584DB719B56E0903AAE7A0FBC5B85F458022DECD47B6ADFBDC444CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::Concurrency::details::_CriticalEmptyFileHandleLock::_MappedNameOpenProcessQueryQueue::ReentrantScoped_lockScoped_lock::~_StructuredVirtualWork
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 898040559-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Func_class
                                                                                                                                                                                                                                                                                                                  • String ID: array$object$object key$object separator$value
                                                                                                                                                                                                                                                                                                                  • API String ID: 1670654298-2448007618
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Func_class
                                                                                                                                                                                                                                                                                                                  • String ID: array$object$object key$object separator$value
                                                                                                                                                                                                                                                                                                                  • API String ID: 1670654298-2448007618
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetIpNetTable.IPHLPAPI ref: 00007FF751C27CD8
                                                                                                                                                                                                                                                                                                                  • GetIpNetTable.IPHLPAPI ref: 00007FF751C27D2D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C286C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751C286FD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C286C0: inet_addr.WS2_32 ref: 00007FF751C28705
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C286C0: SendARP.IPHLPAPI ref: 00007FF751C28719
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C286C0: Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00007FF751C28810
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Table$Concurrency::details::Concurrency::task_continuation_context::task_continuation_contextEmptyQueue::SendStructuredWorkinet_addr
                                                                                                                                                                                                                                                                                                                  • String ID: lNetwork_collection_error$pcdetails
                                                                                                                                                                                                                                                                                                                  • API String ID: 3607897767-947819457
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C27C50: GetIpNetTable.IPHLPAPI ref: 00007FF751C27CD8
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C27C50: GetIpNetTable.IPHLPAPI ref: 00007FF751C27D2D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF751C2834A
                                                                                                                                                                                                                                                                                                                  • HandleT.LIBCPMTD ref: 00007FF751C28359
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A5F5F0: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751A5F631
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredTableWorkshared_ptr$Char_traitsConcurrency::details::_CriticalDecorator::getHandleLock::_ReentrantScoped_lockScoped_lock::~_Typetype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: addon=$lNetwork_is_empty$nfamily2$pcdetails
                                                                                                                                                                                                                                                                                                                  • API String ID: 718836504-649101667
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7f94aab712203bd88723932e8506cfb9888a157668aca0c0993877db1a6f9123
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a9d29c2bd1ac0c331d37307757106bd6a184332b9e18babe6aa90a667fc76e88
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f94aab712203bd88723932e8506cfb9888a157668aca0c0993877db1a6f9123
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4C1F372A0DAC291DB71EB54E4906EAB3A4FBC8340F845532D68D83B6EEF6CD544CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Mailbox
                                                                                                                                                                                                                                                                                                                  • String ID: 5
                                                                                                                                                                                                                                                                                                                  • API String ID: 1763892119-2226203566
                                                                                                                                                                                                                                                                                                                  • Opcode ID: bc75f9c5e8dc118e23fafe836bd8015b4ec506f4111864bc9ff950c671904bbc
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 23a8c747f34eef839756113443779a4274874fd4b1a35652d8ed88334a407fad
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc75f9c5e8dc118e23fafe836bd8015b4ec506f4111864bc9ff950c671904bbc
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D616C3260CAC585DB61DA55E4507ABA7A0F7C8784F840236EACD87FACEFACC545CB00
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CompatibleCreateListObject$BitmapDeleteReleaseSelectSleep
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1446415516-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 47d71481013b1be867d4336326a2ff739bbc6966a64f5f48a9b75f29d6b0d725
                                                                                                                                                                                                                                                                                                                  • Instruction ID: fe1a6ca7822153b5d8f674dc8c36760b1037afc61d2d90c7ae6ff48a793d5c77
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47d71481013b1be867d4336326a2ff739bbc6966a64f5f48a9b75f29d6b0d725
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5351F776609B85C1EB60EB15E8903AEA7B0F7C8B95F540131DA8E43BA8DF7DD445CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751A892A3
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A5F5F0: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751A5F631
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751A89332
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C0FB40: AppendMenuW.USER32 ref: 00007FF751C0FE47
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751A893E3
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3060132073.00007FF751A40000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061160990.00007FF751CDA000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061350002.00007FF751CF0000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061425831.00007FF751CF2000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::_SchedulerScheduler::_$AppendDecorator::getMenuTableType
                                                                                                                                                                                                                                                                                                                  • String ID: Exit$My Account$Settings
                                                                                                                                                                                                                                                                                                                  • API String ID: 3946477610-1629594250
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6429cf4835536c662b36860c8ed173ec02c0a5213dbb205f388e0878240fe50c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: b2c97b9222b88ca63b119a85a54ed9b1d806fb75879d10402d1e317417da0826
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6429cf4835536c662b36860c8ed173ec02c0a5213dbb205f388e0878240fe50c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C410372619A8185EB60AB15E49079BF3A0FBC5780F944032EACD43B6EEF7CD544CB40
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Decorator::getTableTypebool_shared_ptr$Concurrency::details::EmptyQueue::StructuredWork
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2631667939-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: c904623a3ce403e14681a4e87aaac23377394260031c806bc5547b4a44b5b08b
                                                                                                                                                                                                                                                                                                                  • Instruction ID: ce327cea4c7ff6be74a0a7d8f18b6e7723ffe9e185f536699c590ed6da0ad853
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c904623a3ce403e14681a4e87aaac23377394260031c806bc5547b4a44b5b08b
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86C1332260DAC590EB62EB55E4906FEE360FBC5781F844033E68D47BAEDEACD544CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2829165498-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 01ed220b028cff9f51bf204e5416cc27fd06cd8da5fe255f055c0b2484d135b1
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0f2e43c2fdbc8ec935b48cc412e138eff195c61b3842a9c110ce0bc17eb0fd48
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01ed220b028cff9f51bf204e5416cc27fd06cd8da5fe255f055c0b2484d135b1
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF81E4B2A0874586EF609F51A840279F295FB54BE9FA80231EA5E47BDCEFBDD4008710
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$task$Is_slash_oper::operatorstd::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 486407804-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 85d1fdf79d362c350cadb97b458a5a1ffe7a4fd5dfff044f727837e34d9eeaac
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 87ba96d8d71750fa2a3ae833edd61424809ea612a91e12c8f6013a31e4e02609
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85d1fdf79d362c350cadb97b458a5a1ffe7a4fd5dfff044f727837e34d9eeaac
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F351132661DB8581DB61EB56E49066EE3A0F7C4B81F984037EECD87B6DDE7CD0418B10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00007FF751C2BC3D
                                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF751AA1C2B,?,?,?,?,00007FF751A62838), ref: 00007FF751C2BC5C
                                                                                                                                                                                                                                                                                                                  • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF751AA1C2B,?,?,?,?,00007FF751A62838), ref: 00007FF751C2BC7E
                                                                                                                                                                                                                                                                                                                  • sys_get_time.LIBCPMT ref: 00007FF751C2BC99
                                                                                                                                                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF751AA1C2B,?,?,?,?,00007FF751A62838), ref: 00007FF751C2BCBF
                                                                                                                                                                                                                                                                                                                  • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF751AA1C2B,?,?,?,?,00007FF751A62838), ref: 00007FF751C2BCD7
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 184115430-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 28675dba11d3331f56ef89b0485d7da9becbe311d57fd935fc2a797e05da8544
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0b954a555831bd1c84e805572a5c3633eae937cce57942063964cbe4540e6633
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28675dba11d3331f56ef89b0485d7da9becbe311d57fd935fc2a797e05da8544
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F4160B2A18A46C7E724AF14E480378B360FB14B46FA84071D69D4369DDFBFE891C711
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Affinity::operator!=Concurrency::details::Hardware$Concurrency::details::_Min_valueSchedulerScheduler::_shared_ptr
                                                                                                                                                                                                                                                                                                                  • String ID: invalid hash bucket count
                                                                                                                                                                                                                                                                                                                  • API String ID: 122474871-1101463472
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 14be2dd4a8355187ab81cc5bbb3d9a86b459486a37cba0d257b503f501cc16c8
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1142bcb224168fc5321020050fa4180a99a048afbe56031cb06959fab59149bb
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14be2dd4a8355187ab81cc5bbb3d9a86b459486a37cba0d257b503f501cc16c8
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1911A2660DB8581DB61EB55F4906AAF3A0FBC4781F940032EACD83BADDF6CD605CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Affinity::operator!=Concurrency::details::Hardware$Concurrency::details::_Min_valueSchedulerScheduler::_shared_ptr
                                                                                                                                                                                                                                                                                                                  • String ID: invalid hash bucket count
                                                                                                                                                                                                                                                                                                                  • API String ID: 122474871-1101463472
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9962eb86e294d4f7c48d6b97ed4a1d06016537a93ff7ba95a456898fe5de1956
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a14bb159618a8ccc29569674ab5f1453126ed17dca7dde8ac4cff66dafd20749
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9962eb86e294d4f7c48d6b97ed4a1d06016537a93ff7ba95a456898fe5de1956
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F91196660DB8581DB60EB55E4902AEF3A0FBC8781F940032EACE47BADDF6CD545CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32 ref: 00007FF751A9644E
                                                                                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32 ref: 00007FF751A96507
                                                                                                                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32 ref: 00007FF751A96533
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$Char_traitsCloseOpenQueryValueshared_ptrtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: Software\PCAppStore$status
                                                                                                                                                                                                                                                                                                                  • API String ID: 2952970082-3794422696
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8824e1f5e7690f4ebb0312f02aa6628d7b4166fa6654e07b2f30b5956763ae28
                                                                                                                                                                                                                                                                                                                  • Instruction ID: aff1840f0230a12f80d3bcd5b401d9617603f26c356d55570ac712495172aff7
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8824e1f5e7690f4ebb0312f02aa6628d7b4166fa6654e07b2f30b5956763ae28
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA61D232A19AC185DB61EB50E4907ABB3A4FBC4781F805136E68D42B6DEF7DD448CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • type_info::_name_internal_method.LIBCMTD ref: 00007FF751A6D873
                                                                                                                                                                                                                                                                                                                  • type_info::_name_internal_method.LIBCMTD ref: 00007FF751A6D8A5
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A6D8B2
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B11610: ShellExecuteW.SHELL32 ref: 00007FF751B11679
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B11610: GetLastError.KERNEL32 ref: 00007FF751B1168F
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$shared_ptrtype_info::_name_internal_method$Char_traitsErrorExecuteLastShell
                                                                                                                                                                                                                                                                                                                  • String ID: ?guid=$https://pcapp.store/account/login
                                                                                                                                                                                                                                                                                                                  • API String ID: 4082085952-2754287439
                                                                                                                                                                                                                                                                                                                  • Opcode ID: fe330731374d1f478bf9f1141378ff02c8fdf084ae4969e71066abfe3407a18f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1aa8b3019459506ec39129eef19ed5cf9e077206571b16ac989af052c88c7a01
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe330731374d1f478bf9f1141378ff02c8fdf084ae4969e71066abfe3407a18f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3410622A1DAC191DB61EB51E4917EBF361FBC4381F844032E68D83B6EEE6CD504CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • shared_ptr.LIBCMTD ref: 00007FF751A8B5FD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AA8BF0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751AA8BFE
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A8B662
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF751A8B6D1
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF751A8B73F
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A8B808
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF751A8B877
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF751A8B8E5
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A8B99C
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::Work$Base::ContextEmptyIdentityQueueQueue::Structured$shared_ptr
                                                                                                                                                                                                                                                                                                                  • String ID: ":
                                                                                                                                                                                                                                                                                                                  • API String ID: 1420614328-3662656813
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5cac9e314f0c1019c7b49336cf87b7bfc2f4f0237bc12d4e0d2a2bce5741a1f2
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0f8f717542e5cad368e2b0a3819130b5a018752e2ccb63553731d5a1b4bb1657
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cac9e314f0c1019c7b49336cf87b7bfc2f4f0237bc12d4e0d2a2bce5741a1f2
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7441F776619BC585DB70EB56E4847AEB3A0F7C9B81F844026DA8E43B69DF7CC4408B04
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • __ExceptionPtrDestroy.LIBCMTD ref: 00007FF751AB1748
                                                                                                                                                                                                                                                                                                                  • __ExceptionPtrDestroy.LIBCMTD ref: 00007FF751AB1766
                                                                                                                                                                                                                                                                                                                  • __ExceptionPtrDestroy.LIBCMTD ref: 00007FF751AB1784
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61730: char_traits.LIBCPMTD ref: 00007FF751A6175D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A89160: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A891E8
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4E4A4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF751A849CF), ref: 00007FF751C4E4F4
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4E4A4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF751A849CF), ref: 00007FF751C4E535
                                                                                                                                                                                                                                                                                                                  • __ExceptionPtrDestroy.LIBCMTD ref: 00007FF751AB17A4
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Exception$Destroy$Concurrency::details::EmptyFileHeaderQueue::RaiseStructuredWorkchar_traits
                                                                                                                                                                                                                                                                                                                  • String ID: type must be number, but is
                                                                                                                                                                                                                                                                                                                  • API String ID: 1470042880-1272216085
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a0b452b43b4defc1145cc2f08a393440204c8e2e6aa2cac09833edf3518a03de
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4b6c6debd2e17061a3dcd4a5b2e274f8d232a43b194f6ab825ee77965f684c09
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0b452b43b4defc1145cc2f08a393440204c8e2e6aa2cac09833edf3518a03de
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8314E6290CAC185E762FBA1E4507AEB760FBC4785F944033E68E4766DDF6CD845CB20
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • std::make_error_code.LIBCPMTD ref: 00007FF751A88578
                                                                                                                                                                                                                                                                                                                  • std::ios_base::failure::failure.LIBCPMTD ref: 00007FF751A8858A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4E4A4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF751A849CF), ref: 00007FF751C4E4F4
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4E4A4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF751A849CF), ref: 00007FF751C4E535
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaisestd::ios_base::failure::failurestd::make_error_code
                                                                                                                                                                                                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                                                                                  • API String ID: 1846417002-1866435925
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 77d08acfb0cd9039b1a27af462bc25a5b01a44e354fee11d03e0a1dcea2c99de
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 33a4f86413208ad6418a74414d1bc0a4e3f274e12d9875f232f39d3a67b45f29
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77d08acfb0cd9039b1a27af462bc25a5b01a44e354fee11d03e0a1dcea2c99de
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C215E72A0C6819AE775EB24E44176EB7A0F784341F984036E68D83B5DEF7CD544CB20
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
• Associated: 0000000C.00000002.3060132073.00007FF751A40000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061160990.00007FF751CDA000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061350002.00007FF751CF0000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061425831.00007FF751CF2000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
Similarity
• API ID: Message$FromMetricsMonitorPointSystem
• String ID: 0
• API String ID: 3043705201-4108050209
Similarity
• API ID: Concurrency::details::_CriticalHandleLock::_Ptr_baseReentrantScoped_lockScoped_lock::~_
• String ID:
• API String ID: 831620384-0
Similarity
• API ID: Concurrency::details::_CriticalHandleLock::_Ptr_baseReentrantScoped_lockScoped_lock::~_
• String ID:
• API String ID: 831620384-0
Similarity
• API ID: _set_statfp
• String ID:
• API String ID: 1156100317-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: c1247ce23a110a5ef679c7990346896d7eea82a65a7ac9c824b67c57caf965e9
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a0f290a5d39bf1421b7747fc0aeefd09f93f25ff89c0228d00b1ef6ac3c793cd
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1247ce23a110a5ef679c7990346896d7eea82a65a7ac9c824b67c57caf965e9
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D81FDD690CAD645F332AF3D940037AE760AF5535AFAC4231E9CD1699CDFBEE8818610
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Decorator::getTableType$shared_ptr$Concurrency::details::EmptyEventOpenQueue::StructuredWork
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2612416502-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Menu$Concurrency::details::_CountCriticalHandleInsertItemLock::_ReentrantRemoveScoped_lockScoped_lock::~_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 623932097-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ConditionSleepVariablesys_get_time$CurrentThread
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3518244923-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2067211477-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$allocator$Affinity::operator!=Concurrency::details::Hardware
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1053258265-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Message$DispatchEventHookObjectPeekSingleTranslateWait
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 836725691-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Decorator::getTableType
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 4116345634-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0ae5fad9f60f40abfcc668206775ad2f0fc0b8a0aa96e2e442b757dc347d31ac
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5859a2f86c41aa9ed621bb766f0e33a822f476d7cf3f66eac92e9025d678c471
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ae5fad9f60f40abfcc668206775ad2f0fc0b8a0aa96e2e442b757dc347d31ac
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4019E61F2968582DF40EB4AF09551FA760EFD5BC5B406426FA8F4F75ACE2CC0518B44
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AE9640: SHQueryUserNotificationState.SHELL32 ref: 00007FF751AE9649
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B0EF80: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00007FF751B0F038
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • type_info::_name_internal_method.LIBCMTD ref: 00007FF751AA4294
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF53C0: RegCreateKeyW.ADVAPI32 ref: 00007FF751AF53EE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF53C0: RegSetValueExW.ADVAPI32 ref: 00007FF751AF543A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF53C0: RegCloseKey.ADVAPI32 ref: 00007FF751AF5449
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$EmptyQueue::StructuredWorkshared_ptr$Affinity::operator!=CloseCreateHardwareNotificationQueryStateUserValuetype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: LastTimeContextual$contextual${"app":{"offer":{"offerInfo":{"oid":%d,"otype":"contextual"}},"show_window":"offer"}}
                                                                                                                                                                                                                                                                                                                  • API String ID: 509597096-2961508877
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9d9d1c293c38f4e74275c036fb9db9c9a29b81af3eeea05b4bdedc28401e516f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3078945c0b8fbaba5530bc2c6c309db68185ec1e39d0702d058ca36e6550e6c6
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d9d1c293c38f4e74275c036fb9db9c9a29b81af3eeea05b4bdedc28401e516f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03F1B23260DAC195DB72AB51E4907EAB3A4FBC8781F844132EA8D43B6EDF6CD544CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751AA57AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABC810
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF5130: RegCreateKeyW.ADVAPI32 ref: 00007FF751AF5167
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF5130: RegQueryValueExW.KERNEL32 ref: 00007FF751AF51B2
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF5130: RegCloseKey.ADVAPI32 ref: 00007FF751AF51C1
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • {"app": {"widget":{"savedPosition": {"x": %d, "y": %d}}}}, xrefs: 00007FF751AA5ADE
                                                                                                                                                                                                                                                                                                                  • {"app" : { "init" : {"guid":"%ws","cache_folder_path":"%ws", "engine_version":"%ws", "windows_version":"%ws", "locale_layout":"%ws, xrefs: 00007FF751AA55EB
                                                                                                                                                                                                                                                                                                                  • widgetInfo, xrefs: 00007FF751AA596E
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$shared_ptr$Char_traitsCloseCreateQueryValuetype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: widgetInfo${"app" : { "init" : {"guid":"%ws","cache_folder_path":"%ws", "engine_version":"%ws", "windows_version":"%ws", "locale_layout":"%ws${"app": {"widget":{"savedPosition": {"x": %d, "y": %d}}}}
                                                                                                                                                                                                                                                                                                                  • API String ID: 2877627145-1185860185
                                                                                                                                                                                                                                                                                                                  • Opcode ID: adbb3f3008c15c10de4387aa394d37eeae8c1f7087b7913ebd25ecae8e60c277
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e26342b6a659a1a68a519329ede6428b55f187cab2aade00beef9ab108a677d8
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: adbb3f3008c15c10de4387aa394d37eeae8c1f7087b7913ebd25ecae8e60c277
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDF19F36609FC595DAB1AB55E4847EAB3A4FBC8780F804126DACC83B6DEF78C554CB40
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61730: char_traits.LIBCPMTD ref: 00007FF751A6175D
                                                                                                                                                                                                                                                                                                                  • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00007FF751ABC1F9
                                                                                                                                                                                                                                                                                                                  • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00007FF751ABC337
                                                                                                                                                                                                                                                                                                                  • Concurrency::task_continuation_context::task_continuation_context.LIBCPMTD ref: 00007FF751ABC35F
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00007FF751ABC06E
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::task_continuation_context::task_continuation_context$char_traits
                                                                                                                                                                                                                                                                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                                                                                                                                                                                                                                                  • API String ID: 3112460731-1713319389
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::$Affinity::operator!=EmptyHardwareQueue::StructuredWorkshared_ptr
                                                                                                                                                                                                                                                                                                                  • String ID: /
                                                                                                                                                                                                                                                                                                                  • API String ID: 842898399-2043925204
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61730: char_traits.LIBCPMTD ref: 00007FF751A6175D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABD1D1
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD20C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABD120: shared_ptr.LIBCMTD ref: 00007FF751ABD248
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B17AD0: GetWindowRect.USER32 ref: 00007FF751B17B23
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B17AD0: GetDesktopWindow.USER32 ref: 00007FF751B17B3A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B17AD0: GetWindowRect.USER32 ref: 00007FF751B17B48
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B18720: FindWindowExW.USER32 ref: 00007FF751B1886E
                                                                                                                                                                                                                                                                                                                  • GetWindowRect.USER32 ref: 00007FF751B198B5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF0890: MonitorFromPoint.USER32 ref: 00007FF751AF08AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61640: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A6165D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCC00: shared_ptr.LIBCMTD ref: 00007FF751ABCC33
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCC00: shared_ptr.LIBCMTD ref: 00007FF751ABCCBC
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B19929
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B18C60: SetWindowsHookExW.USER32 ref: 00007FF751B18D7C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B18C60: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00007FF751B18D97
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B18C60: GetWindowRect.USER32 ref: 00007FF751B18DD6
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B18C60: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B18E4A
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  • {"app": {"hide_window": "menu_search"}}, xrefs: 00007FF751B1982F
                                                                                                                                                                                                                                                                                                                  • {"app":{"menu_search":{"search_request":"", "page":"a", "top":%d,"left":%d,"bottom":%d,"right":%d},"show_window": "menu_search"}}, xrefs: 00007FF751B197F9
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWindowWorkshared_ptr$Rect$type_info::_name_internal_method$Char_traitsConcurrency::details::_DesktopFindFromHookMonitorPointSchedulerScheduler::_Windowschar_traits
                                                                                                                                                                                                                                                                                                                  • String ID: {"app": {"hide_window": "menu_search"}}${"app":{"menu_search":{"search_request":"", "page":"a", "top":%d,"left":%d,"bottom":%d,"right":%d},"show_window": "menu_search"}}
                                                                                                                                                                                                                                                                                                                  • API String ID: 2203727615-2949532883
                                                                                                                                                                                                                                                                                                                  • Opcode ID: fc1bd602e0bdc838068c6d8de7c6e133f0db759399387c0805ccc6b2fc48acfd
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3140b34c132a313e85aa6dcb98e7e845b70cb14bfb90d3f6e347a2d10dcc82cc
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc1bd602e0bdc838068c6d8de7c6e133f0db759399387c0805ccc6b2fc48acfd
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C71233261DAC585EB61EB15E4807ABF761FBC5780F846026EA8D83B6EDF6CD404CB50
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Mailbox
                                                                                                                                                                                                                                                                                                                  • String ID: 5
                                                                                                                                                                                                                                                                                                                  • API String ID: 1763892119-2226203566
                                                                                                                                                                                                                                                                                                                  • Opcode ID: d1a05be6302ef1adced06619a6c4693c4ff0a2ceb05a716831321b3ffb0d0bd2
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4448c18bea7f9962870ac27797d6820efe6814335ed0de0039878b0ac068dc46
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1a05be6302ef1adced06619a6c4693c4ff0a2ceb05a716831321b3ffb0d0bd2
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9515E3260CAC585DB71DA55E4507ABA7A0F7C8794F840236EACD87BACDF6CC545CB10
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: CloseConcurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorOpen
                                                                                                                                                                                                                                                                                                                  • String ID: registry was not opened
                                                                                                                                                                                                                                                                                                                  • API String ID: 151454242-1342567452
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 28b3b89d0d408cf134876b07fef041706fd394aaf7672847ef0ffdb98e8fe5f0
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 30b6fb4619e51e3899eb4f7417a9be334bf5c4d37e7c8e9ac804f8864e4cbb17
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28b3b89d0d408cf134876b07fef041706fd394aaf7672847ef0ffdb98e8fe5f0
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5851E272A1DAC181DB61AB55E4907AAB3A0FBC5781F845026EA8D83B6EDF7CD544CB00
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Message
                                                                                                                                                                                                                                                                                                                  • String ID: 0$0
                                                                                                                                                                                                                                                                                                                  • API String ID: 2030045667-203156872
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a9f40b95b1d97f6e3db5404060eb8240734f635f40f85bf6f6d21d2ff046a115
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9b3d60d668816cafb08116b22e3b7372721a8e520bb18eeaea11b881c98f78bc
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a9f40b95b1d97f6e3db5404060eb8240734f635f40f85bf6f6d21d2ff046a115
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD310A36608BC89ADB61DB15E45039AB7A5F7C87D0F844435EA8D83B68EF7CC648CB00
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
• Associated: 0000000C.00000002.3060132073.00007FF751A40000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061160990.00007FF751CDA000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061350002.00007FF751CF0000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061425831.00007FF751CF2000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Message$MonitorRect$FromInfoWindow
                                                                                                                                                                                                                                                                                                                  • String ID: 0$0
                                                                                                                                                                                                                                                                                                                  • API String ID: 3203973389-203156872
                                                                                                                                                                                                                                                                                                                  • Opcode ID: a3a7ad6391ba555381b1fefff47c0dd51c7f65b25d01255022eb656e23bd207c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a66b06708fffe9a46b230d033f149cfeb360c5049d4d8b358f3d1bf17d7a0ee8
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3a7ad6391ba555381b1fefff47c0dd51c7f65b25d01255022eb656e23bd207c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD311636618B8886DB60DB59F49039AB7A1F7C8BC0F844026EB8D83B68DF7CC545CB10
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::_CriticalHandleLock::_ReentrantScoped_lockScoped_lock::~_type_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: <U+%.4X>
                                                                                                                                                                                                                                                                                                                  • API String ID: 1503085150-1919636860
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9f8edb505c6b24d55d4046de6346a3aba11068398206772b8fb3e91ddca80153
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 75f57e4afa1f9ad3d14eeb42a41411867e5510ccfa6de84a54656cc19b0d52d0
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f8edb505c6b24d55d4046de6346a3aba11068398206772b8fb3e91ddca80153
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1431692261DA8481D761EB51E4506AEF7A0FBC5781F840133F6CD82BAEDFBCD5048B50
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: System$Metrics$FromInfoMonitorParametersPoint
                                                                                                                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                                                                                                                  • API String ID: 865970660-3887548279
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5ff0c5ffe6fb3237ba708af2a68d56a8e465281eaca45f9b254bbb1fbca6caef
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d42d431cddd4f1f4e49958b130e44b2d126609933b4b71c88c04bb87faecf751
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ff0c5ffe6fb3237ba708af2a68d56a8e465281eaca45f9b254bbb1fbca6caef
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA31A13281C6818AE3629F65A04056EF7B1FBC4745F88913AE68E43B88DFADD441CF60
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: MonitorRect$FromInfoWindow
                                                                                                                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                                                                                                                  • API String ID: 2740140340-3887548279
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7f8331d92bd973ae0f7df71c34f05916bfb6a9790f406889d835db762a6acc0f
                                                                                                                                                                                                                                                                                                                  • Instruction ID: b2ea3e7d47797e5e83a005591e4736054f63484523b80622d35a9374d810a89f
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f8331d92bd973ae0f7df71c34f05916bfb6a9790f406889d835db762a6acc0f
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8AF0F476619AC495D760DB00F84425AA770F7C8795F948531EACD43B2CDF7CD59ACB00
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3060132073.00007FF751A40000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061160990.00007FF751CDA000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061350002.00007FF751CF0000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061425831.00007FF751CF2000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: swap
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 630424929-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e374f7a473c3300c94156717ac132d77bcf868041467c9a10156608cb52f24c1
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 678036e7a2a8af70642a4dc30890f965e1abde31b44b7e5699d1a52589aa8c93
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e374f7a473c3300c94156717ac132d77bcf868041467c9a10156608cb52f24c1
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCD13B6660EAC080EB71EB56E850BAEA760FBC5B84F444227DACD47B5ECE7CC444CB54
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61812
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A619D3
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A619E8
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AA1F90: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751AA1F9E
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AA1F90: _Max_value.LIBCPMTD ref: 00007FF751AA1FC3
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AA1F90: _Min_value.LIBCPMTD ref: 00007FF751AA1FF1
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61B27
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 348937374-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8dbadb46e226161c76ad0ca5890d8e2b1b4bfa56f76820bd6f6ebe2f35c7ada5
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1587d5eca3ecff0f99203bfeac17e524df8948935f29e8a912b7d6c473592960
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dbadb46e226161c76ad0ca5890d8e2b1b4bfa56f76820bd6f6ebe2f35c7ada5
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17B10B2260DBC585DB61EB56E4507AAE7A0FBC8B84F444036EACD83B6EDF6CD5408B50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: fpos
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1083263101-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7212718c8189264a22e1d4b207af8c158cf7fa866dcb4ec05213a3107386f276
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4914b82cbb13ab5fba85869d4850dfde123dd7149ea924fae55ed072dc17f606
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7212718c8189264a22e1d4b207af8c158cf7fa866dcb4ec05213a3107386f276
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E61622291CA8182E761AB69E44072EF7A0F7C4795F580132EBDD87BADCF6CD440CB54
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyIs_slash_oper::operatorQueue::StructuredWorkstd::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 569396444-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: dca2863bb0d31823470c62ce4da163b5e8033268ce4ad2345e35431b3534f5a9
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9ded1dbeab3a85f76cd3b79d36892ccf95bfa088b28bb6eaecb447f081bf33f9
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dca2863bb0d31823470c62ce4da163b5e8033268ce4ad2345e35431b3534f5a9
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C612A2661DA8281DB51EB55E0907AFA7A0EBC4781F841033FA8E47BADDE7CD546CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ListSafe$Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 4237630332-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 74640d0e43e839bc978c1a4b91f538d6104313d2e7796fc40a8d64271499aa87
                                                                                                                                                                                                                                                                                                                  • Instruction ID: d19ae316cc85cd27661905bff1cfd6dab3f1e3519acc8ccb80ac05c737ef0d60
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74640d0e43e839bc978c1a4b91f538d6104313d2e7796fc40a8d64271499aa87
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7861D272A0DBC595DB61AB55E4807EAB3A0FBC9780F504022EACD83B6EDF6CC555CB40
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ListSafe$Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 4237630332-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9306202388f6828a7c01ef5949dc893110afa130bf2777e4e34a09d5696adc46
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2f7cd478aeed57e990d066072b2ccb4e2a2e41e31a67b7dae1c5478ea814fb0c
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9306202388f6828a7c01ef5949dc893110afa130bf2777e4e34a09d5696adc46
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F51F272A0CBC582EB62AB55E44079BB3A4FB88384F804122E6CD47B5EDF7CC5158B50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::Concurrency::task_continuation_context::task_continuation_contextEmptyQueue::SendStructuredWorkinet_addr
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3659562701-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e24764ae641b1e846e5a65355a7545725f9b6933a50b2db4eb81e89fccfbacf0
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 59638eed6ada1057b034ba1c60f70bbf067c4bda4739d9064444c61b812c870c
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e24764ae641b1e846e5a65355a7545725f9b6933a50b2db4eb81e89fccfbacf0
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2141F432609AC185DB60EB20F4813AEA7A5FBC4781F944132E6CD83BAEDF6CD555CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Close$CreateValue
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1009429713-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9c307824b4b970c6f2053c18befca1c7b90f3d0a61b7ccd04ee7ce106311f408
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6b336fdbe82941b8896456459ba8420772d900044441f15362a4c84fcbb0e640
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c307824b4b970c6f2053c18befca1c7b90f3d0a61b7ccd04ee7ce106311f408
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D314C62A1CA8182E751EB65F451A6FE7A0FBC1781F541032F6CE83A6DCF6DD405CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: std::ios_base::good$Concurrency::details::_CriticalHandleLock::_ReentrantScoped_lockScoped_lock::~_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1863006881-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7e46a795dbc43c888aeb26d6ffcfde4d8d3f552e83135d10a67bbc421860b402
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 61ceb396bc7f5a3f23053e502ecff643a2ed71a79530554a0ec7b408513c7285
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e46a795dbc43c888aeb26d6ffcfde4d8d3f552e83135d10a67bbc421860b402
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23313D6291DA8191DB51AB65E4805AEE3A4FBC5381F941432EACE83B6DDF6CC405CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 228209623-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: f0f836a760725e8d7f634036dee90e4beff405c21b335a93600479bdb4a82438
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 55addd4a744aa9c07fe71533513c76cfc0d4778dcd1026dafa6ae7ffd926224f
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0f836a760725e8d7f634036dee90e4beff405c21b335a93600479bdb4a82438
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8214D2291DA8581DB21FB55F48066AF3A0FBC47A1F981232F68E43BADDE7CD540CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 228209623-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: ffc4a972124950b4c3104a41a6cc087931638b398ab2111ad55e3608b8c22478
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a881260c89299bbaa65a8ef80e330d8ae50e73f82b9d857667b2c86dad58d201
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffc4a972124950b4c3104a41a6cc087931638b398ab2111ad55e3608b8c22478
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C213E2291DA8581DB51FB55F48066AF3A0FBC47A1F981132F68E43BADDE7CD540CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 228209623-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7f36f74f1cc2277e531ecd8ffbfcc52f17ce81f531ee348e0a35af13a6128da6
                                                                                                                                                                                                                                                                                                                  • Instruction ID: c462fe4784d25e1555109937d248710fe0e7b1327a071a16984f55d121690746
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f36f74f1cc2277e531ecd8ffbfcc52f17ce81f531ee348e0a35af13a6128da6
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A214D2291DA8581DB51EB55E48066AF3B0FBC47A1F941232F6DE43BADDE7CC444CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 228209623-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1cb73c1493c947b01b438afa6cd00dfe135304ad2e81f5a331452bc6012cda04
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 38386af31d2720d608cbace36f64d9d0edb29c7f743799cfa6a41045f3d1fb5d
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1cb73c1493c947b01b438afa6cd00dfe135304ad2e81f5a331452bc6012cda04
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7212D2291DA8581DB51AB65E48056AF3A0FBC47A1FA81232F68E43BADDF7CD540CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 228209623-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9897d63a2910752e489b357ac4054806c290e44d62d90780deb4985dc466d1a6
                                                                                                                                                                                                                                                                                                                  • Instruction ID: cc1d02d9dcb8abc795ed69261405da401b0760bc73318e56a52ffe73cbb8390a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9897d63a2910752e489b357ac4054806c290e44d62d90780deb4985dc466d1a6
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2213E2291DA8581DB51FB55F48066AF3A0FBC47A1F941232F68E43BADDE7CD950CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 228209623-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6428aebd78669578355f07eed9a68587b179815211e9fca7f68be3dc17501fbb
                                                                                                                                                                                                                                                                                                                  • Instruction ID: e888e896c6a68613473434ca383d4ec09a679a148a5302ea9e67234514a2447b
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6428aebd78669578355f07eed9a68587b179815211e9fca7f68be3dc17501fbb
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A214C32919A8581DB51BB65E48066AF3A0FBC47A1F985232F69E03BADDE7CD440CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 228209623-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 13a129b861442c476aa8d6daa1001e5ad88053abcd9e539a57d9e763036b0e27
                                                                                                                                                                                                                                                                                                                  • Instruction ID: b9cd8071bbf370d38fbe855a7d899f066920865bc656a029ca588799cbbc03c6
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13a129b861442c476aa8d6daa1001e5ad88053abcd9e539a57d9e763036b0e27
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3214D3291DA8581DB21AB15E49066AF7A0FBC47A1F941132F69E03BAEDE7CC540CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 228209623-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7ea64c418f244af4647fc8c3c666b947af49a294f935aeff23ff938cde07c558
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 07e1cc03378b7fc02c1aaea06be28369d5f060b67aba780fd17e4d001789738f
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ea64c418f244af4647fc8c3c666b947af49a294f935aeff23ff938cde07c558
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56216D2291DA8581DB21FB55E48066EF3A0FBC47A1F981232F68E43BADDE7CC540CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getfacetstd::locale::_
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 228209623-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6ad57b4930199d51ee3f6609d6da7d3ba4b43852d7831413da4ab061590ed2c7
                                                                                                                                                                                                                                                                                                                  • Instruction ID: fbd6bdfe88e3e1dbe6ad6c149e50f06170422022b5858f0d4735c96e31ce8351
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ad57b4930199d51ee3f6609d6da7d3ba4b43852d7831413da4ab061590ed2c7
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76216F2291DA8581DB21FB65E49066AF7A0FBC47A5F941132F68E43BAEDE7CC440CB10
                                                                                                                                                                                                                                                                                                                  APIs
Memory Dump Source
• Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
• Associated: 0000000C.00000002.3060132073.00007FF751A40000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061160990.00007FF751CDA000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061350002.00007FF751CF0000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061425831.00007FF751CF2000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Close$CreateValue
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1009429713-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 2261580123-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Func_class
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1670654298-0
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B1788B
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B1789A
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B178BB
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751B178C5
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1865873047-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: aa193d5666c3389cbece5290b5dd601305dcd2c7dd580d20048e0f9eb2ed7bf3
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 02eec3295e36f0e3a702f17522cd11e1d44a5bf4fb5709122ad9914abf5535e1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa193d5666c3389cbece5290b5dd601305dcd2c7dd580d20048e0f9eb2ed7bf3
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0010222A1CA8181DB01BB91F49142FE360FBC07A5F840032FA9D87A6ECFECD5458B50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751C178AB
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751C178BA
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751C178DB
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751C178E5
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
• Associated: 0000000C.00000002.3060132073.00007FF751A40000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3060819819.00007FF751C94000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061160990.00007FF751CDA000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061264071.00007FF751CDB000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061350002.00007FF751CF0000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061425831.00007FF751CF2000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751CF6000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061583034.00007FF751D00000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 1865873047-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 689a3325f978614085837f0cb748a2082981501fac2238d24ff5dba16fc2c277
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9abb712c4491d000904278d4d869a5139be5ec7ab7edd637212b83d004eb4fff
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 689a3325f978614085837f0cb748a2082981501fac2238d24ff5dba16fc2c277
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9010262A1CA8182DB01BB91E49142EE360FBC07A5F840032FA9D86B6ECFECD5448B50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWorkswap
                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                  • API String ID: 3764174498-0
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4a8987ae17be91b618b1240d6dfa5933c1b2f50df3e389c5972829a0110ca365
                                                                                                                                                                                                                                                                                                                  • Instruction ID: f550286a219777ac40d4cee1e63ac6be5f9796515664d4243ad7f08f3b47ea01
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a8987ae17be91b618b1240d6dfa5933c1b2f50df3e389c5972829a0110ca365
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62F01726A0CA8581CA20EB55F45502FE7A0FBC9BC9F944136EACC47B2ECE7CC2518B10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Mpunctstd::ios_base::width
                                                                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                                                                  • API String ID: 1954291571-2766056989
                                                                                                                                                                                                                                                                                                                  • Opcode ID: d560c029998a2b240088d10c20916916d7662cdfa0470219d39e9bd338f95e10
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5bf1fea7bd8aa8747fafa80408d14e9de489eed2c02c1b4a65728c3c4859ef07
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d560c029998a2b240088d10c20916916d7662cdfa0470219d39e9bd338f95e10
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE02283260DAC985EB71AB51E8947EBA361F7C8781F840432DA8D83B6DDEBCC545CB40
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751A42389
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  • Associated: 0000000C.00000002.3061749541.00007FF751D03000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyFac_nodeFac_node::_Queue::StructuredWorkstd::_
                                                                                                                                                                                                                                                                                                                  • String ID: $@
                                                                                                                                                                                                                                                                                                                  • API String ID: 3399187363-1077428164
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 306b64562801912a0eb6df2f4b3041640bf5120341d5824f9f869520d3481e17
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 835399d84cad8e1640d4e0b8cb48df3242bdc3cba1b1f07a4874d02452f2ce43
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 306b64562801912a0eb6df2f4b3041640bf5120341d5824f9f869520d3481e17
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60D1E172609AC695DBB1AB50E4907EAB3A4F7C8381F805036D68D43B6DEFBDC548CB40
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751A45729
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyFac_nodeFac_node::_Queue::StructuredWorkstd::_
                                                                                                                                                                                                                                                                                                                  • String ID: $@
                                                                                                                                                                                                                                                                                                                  • API String ID: 3399187363-1077428164
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 83870a164fc9d027ebc732c8d1275c7903a0604efaaf75061084e787f537d52c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a5c300ecaba908acacd71e34f999f1d2f2bc2b1318febe83474ac7d1862f3e2f
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83870a164fc9d027ebc732c8d1275c7903a0604efaaf75061084e787f537d52c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DC1C472A09AC191EB71AB50E4907EBB364FBC4381F845132E68D43A5DEFBCD549CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • std::_Fac_node::_Fac_node.LIBCPMTD ref: 00007FF751A44219
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyFac_nodeFac_node::_Queue::StructuredWorkstd::_
                                                                                                                                                                                                                                                                                                                  • String ID: $@
                                                                                                                                                                                                                                                                                                                  • API String ID: 3399187363-1077428164
                                                                                                                                                                                                                                                                                                                  • Opcode ID: e7110aafcb15d8c36a50dbe30497b8d7cf60e4abbd3d8efa15352f3bf62525ac
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 36e213d92a3751c44bd61c91beb5d4ec81e24e99a33c9ed372f6f95c70250060
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7110aafcb15d8c36a50dbe30497b8d7cf60e4abbd3d8efa15352f3bf62525ac
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23C1C372A09AC191DB72AB50E4907EBB364FBC4381F845132E68D43A6DEFBCD549CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                  • bool_.LIBCPMTD ref: 00007FF751C23B4C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C23670: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF751C23866
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Concurrency::details::EmptyQueue::StructuredWork$Char_traitsDecorator::getTableTypebool_type_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: _add$pcdetails
                                                                                                                                                                                                                                                                                                                  • API String ID: 1858049618-3206784105
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 56b283dd58af2f55471ad84f9348d795f79bab0426ea1838041da08596dcb09d
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 70899952e3f5660fa2f6c5f04f0cca9991426347c02b9697b0a6ffd3f81a660d
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56b283dd58af2f55471ad84f9348d795f79bab0426ea1838041da08596dcb09d
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98912572A0DAC291DB61AB51E4807EAB360FBC5341F945032E6CD83B6EDF6DD544CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AE9670: SHQueryRecycleBinW.SHELL32 ref: 00007FF751AE969C
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32 ref: 00007FF751AAE126
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Concurrency::details::EmptyQueue::StructuredWork$Char_traitsObjectQueryRecycleSingleWaittype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: {"app": {"topbar": { "fullScreenMode": %d }}}${"app": {"topbar": { "rBinStatus": %d }}}
                                                                                                                                                                                                                                                                                                                  • API String ID: 1268438965-4283986292
                                                                                                                                                                                                                                                                                                                  • Opcode ID: dc262ca34d1428f55414c2238476a00063f7ef589410aeac2205d82f74de8c28
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a9b11e121dc65cb7c28ac0d171f61f02d0efdfcd54885671baa8fda26b5e41d8
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc262ca34d1428f55414c2238476a00063f7ef589410aeac2205d82f74de8c28
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D381143260DAC185DB71AB51E4907ABB7A0FBC9780F844126E6CD43B6EEF6CD548CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 00007FF751A745E8
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4E4A4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF751A849CF), ref: 00007FF751C4E4F4
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C4E4A4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF751A849CF), ref: 00007FF751C4E535
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Concurrency::details::EmptyQueue::StructuredWork$Char_traitsExceptionFileHeaderRaisestd::bad_exception::bad_exceptiontype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: Memory allocation error
                                                                                                                                                                                                                                                                                                                  • API String ID: 3813484266-4275684249
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 186e897b9d910a20b741f4cc77f58cfc550066bd32792121e18cb763cf1e256c
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7c4d85de2e450f702cfa0cdd887acdab4b989f000a5f88790fe8c11b48298bd1
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 186e897b9d910a20b741f4cc77f58cfc550066bd32792121e18cb763cf1e256c
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C161EA7660EAC591DBA1EB54E4807AAB3A0F7C4781F948032D68D43B6DEF7CD845CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                                  • String ID: ?
                                                                                                                                                                                                                                                                                                                  • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF4AF0: Concurrency::cancellation_token::_FromImpl.LIBCPMTD ref: 00007FF751AF4B1D
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF4AF0: Concurrency::cancellation_token::_FromImpl.LIBCPMTD ref: 00007FF751AF4B55
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61730: char_traits.LIBCPMTD ref: 00007FF751A6175D
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751AEA15E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::cancellation_token::_FromImpl$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
                                                                                                                                                                                                                                                                                                                  • String ID: parse error$parse_error
                                                                                                                                                                                                                                                                                                                  • API String ID: 3940763495-1820534363
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF751B103D6
                                                                                                                                                                                                                                                                                                                  • HandleT.LIBCPMTD ref: 00007FF751B103E5
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751B10290: OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,00007FF751B10432), ref: 00007FF751B102B9
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Concurrency::details::EmptyQueue::StructuredWork$Char_traitsConcurrency::details::_CriticalHandleLock::_OpenProcessReentrantScoped_lockScoped_lock::~_type_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: NW_store.exe
                                                                                                                                                                                                                                                                                                                  • API String ID: 131083509-3827304589
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • GetUserDefaultUILanguage.KERNEL32 ref: 00007FF751ADC6BE
                                                                                                                                                                                                                                                                                                                  • LCIDToLocaleName.KERNEL32 ref: 00007FF751ADC6DD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC585
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABC510: shared_ptr.LIBCMTD ref: 00007FF751ABC60E
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: shared_ptr$Concurrency::details::EmptyQueue::StructuredWork$Char_traitsDefaultLanguageLocaleNameUsertype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: unknown
                                                                                                                                                                                                                                                                                                                  • API String ID: 3795742680-2904991687
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 176a8be313db28d693b74fcf57ed1962fbc18161cf3f7116ca40eb7d9eb6e358
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 212d8673869ff5cb0ae38bda52ea25a85a5bdb33a8fb16bf6648adfcf1f12655
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 176a8be313db28d693b74fcf57ed1962fbc18161cf3f7116ca40eb7d9eb6e358
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8311672A1CA8192EB61EB50E4516AAB760FBC5385F841132E68D83A6DDF6CD504CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A620A0: _WChar_traits.LIBCPMTD ref: 00007FF751A620CD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: type_info::_name_internal_method.LIBCMTD ref: 00007FF751ABCFB0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABCFDD
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: shared_ptr.LIBCMTD ref: 00007FF751ABD013
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751ABCF20: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751ABD0AE
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751A61F00: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751A61F1D
                                                                                                                                                                                                                                                                                                                  • OpenEventW.KERNEL32 ref: 00007FF751A782D9
                                                                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32 ref: 00007FF751A78304
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWork$Char_traitsEventObjectOpenSingleWaitshared_ptrtype_info::_name_internal_method
                                                                                                                                                                                                                                                                                                                  • String ID: ClosingEvent
                                                                                                                                                                                                                                                                                                                  • API String ID: 3785236153-2998232585
                                                                                                                                                                                                                                                                                                                  • Opcode ID: d6469b99e84acb90a6f80a7a6da07ef33f7a9bc7368188412c4097667b8e7bcb
                                                                                                                                                                                                                                                                                                                  • Instruction ID: bec91b850843d43560051f77cca3923f2bc3a58e92987bbfb8a35ab86fa2bd25
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6469b99e84acb90a6f80a7a6da07ef33f7a9bc7368188412c4097667b8e7bcb
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5421493290DA8182E751EB60E4416ABF3A1FBC4381F944032F68D42B6EEFBCD545CB50
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF751A849CF), ref: 00007FF751C4E4F4
                                                                                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF751A849CF), ref: 00007FF751C4E535
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 56beb57652567ab338aa47cfdaf872af7e7583d000d37913309e3066719c2a0e
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5a5963df2a64ed3d18af26562358f49d5668ba607b873fce4b6de10c5b296561
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56beb57652567ab338aa47cfdaf872af7e7583d000d37913309e3066719c2a0e
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36115E72A08B4182EB209F15F400269B7E1FB88B95F694230EB8D07B58EF7DD551C740
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF751C29922
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C2B870: std::bad_exception::bad_exception.LIBCMTD ref: 00007FF751C2B87C
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: Concurrency::details::EmptyQueue::StructuredWorkstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                  • String ID: invalid stoi argument$stoi argument out of range
                                                                                                                                                                                                                                                                                                                  • API String ID: 3956409420-1606216832
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 023460094e2f72f060304ae90fa989643da481b370c4abab66ad1a21242d7b2d
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0d53357557385fa4df412af1707f56e841cef310bd25b9f58f34901d8ed623d8
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 023460094e2f72f060304ae90fa989643da481b370c4abab66ad1a21242d7b2d
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 471119B2629A8586D750EB15E48026EB7A0F7C4794F981031FACE43B69DFBDD540CB10
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AF4EF0: shared_ptr.LIBCMTD ref: 00007FF751AF4EFE
                                                                                                                                                                                                                                                                                                                  • GetErrorInfo.OLEAUT32(?,?,?,?,?,?,00007FF751AD8900), ref: 00007FF751AF2192
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751AD57A0: __crt_scoped_stack_ptr.LIBCPMTD ref: 00007FF751AD57DA
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ErrorInfo__crt_scoped_stack_ptrshared_ptr
                                                                                                                                                                                                                                                                                                                  • String ID: RoOriginateLanguageException$combase.dll
                                                                                                                                                                                                                                                                                                                  • API String ID: 1999312203-3996158991
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 882b61e8927fd3346411a4aabb38e811a77c026460feb1edd5a95c1035009321
                                                                                                                                                                                                                                                                                                                  • Instruction ID: a6873a59ff9666035a8ac3edd7be4ff5cc35169bad7983666e47d319233e713e
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 882b61e8927fd3346411a4aabb38e811a77c026460feb1edd5a95c1035009321
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6401A162A18A4281DB11FBA4E4510AEE321FF90385FD48437E58D0666EDEBDD219CB60
                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                  • Concurrency::details::_Schedule_chore.LIBCPMT ref: 00007FF751A83C61
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C2D6B8: GetModuleHandleExW.KERNEL32 ref: 00007FF751C2D6A0
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C2D6B8: SubmitThreadpoolWork.KERNEL32 ref: 00007FF751C2D6A9
                                                                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF751C2D6B8: CreateThreadpoolWork.KERNEL32 ref: 00007FF751C2D6CE
                                                                                                                                                                                                                                                                                                                  • std::bad_exception::bad_exception.LIBCMTD ref: 00007FF751A83CA7
                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.3060241232.00007FF751A41000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FF751A40000, based on PE: true
                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ff751a40000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                  • API ID: ThreadpoolWork$Concurrency::details::_CreateHandleModuleSchedule_choreSubmitstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                                  • String ID: Fail to schedule the chore!
                                                                                                                                                                                                                                                                                                                  • API String ID: 2088802962-3313369819
                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7f6338c185a128a8326c690564878fbd159c8fc359815570377b04cb2a3a9318
                                                                                                                                                                                                                                                                                                                  • Instruction ID: 58c56a10ad1e857b018131dc680d7832dfc40cac73337e65a24d365adb7fe05a
                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f6338c185a128a8326c690564878fbd159c8fc359815570377b04cb2a3a9318
                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8F0816191CB4691EB20FB11E044769F361FF80745FD90431E58E02A9DDFBCD108C710